BugTraq
Back to list
|
Post reply
PTNews v1.7.7 - Access to administrator functions without authentification
Apr 21 2003 08:49PM
scrap (webmaster securiteinfo com)
(1 replies)
Re: PTNews v1.7.7 - Access to administrator functions without authentification
Apr 29 2003 12:57PM
Rui Pimenta (rui pimenta mail telepac pt)
Update:
Create News: URL Exploitable
Replace Nnews: URL Exploitable
Edit News: URL Exploitable
It's just a matter of learning the indexing structures.
----- Original Message -----
From: "scrap" <webmaster (at) securiteinfo (dot) com [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Monday, April 21, 2003 9:49 PM
Subject: PTNews v1.7.7 - Access to administrator functions without authentification
[snip]
Function / URL :
Create a news / Not an URL : only posted datas. Not impossible to exploit :)
Replace a news / Not an URL : only posted datas. Not impossible to exploit :)
Delete all news / http://www.victim.com/ptnews/ index.php?delete=all
Edit a news / Too difficult to exploit
http://www.openbg.net/ptsite/
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Create News: URL Exploitable
Replace Nnews: URL Exploitable
Edit News: URL Exploitable
It's just a matter of learning the indexing structures.
----- Original Message -----
From: "scrap" <webmaster (at) securiteinfo (dot) com [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Monday, April 21, 2003 9:49 PM
Subject: PTNews v1.7.7 - Access to administrator functions without authentification
[snip]
Function / URL :
Create a news / Not an URL : only posted datas. Not impossible to exploit :)
Replace a news / Not an URL : only posted datas. Not impossible to exploit :)
Delete all news / http://www.victim.com/ptnews/ index.php?delete=all
Edit a news / Too difficult to exploit
http://www.openbg.net/ptsite/
[ reply ]