4 matches found
MCnews 1.3 SQL Injection
:: MCnews 1.3 :: Download: http://www.phpforums.net/mcNews1.3.zip link off :: Vendor: www.phpforums.net :: Author: s4r4d0 :: mail: [email protected] :: Bug: Sql Injection found on lire.php file :: Exploit: http://host/mcNews/lire.php?n=-1+UNION+SELECT+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14-- ::...
CVE-2005-0800
CVE-2005-0800 describes a PHP remote file inclusion vulnerability in mcNews 1.3 and earlier. The flaw exists in install.php where the l parameter can be modified to reference a URL on a remote server containing PHP code, allowing an attacker to execute arbitrary PHP. The issue is triggered throug...
CVE-2005-0720
CVE-2005-0720 documents a PHP remote file inclusion vulnerability in the admin/header.php component of mcNews 1.3 . An attacker can cause the application to execute arbitrary PHP code by altering the skinfile parameter to reference a URL on a remote server that contains the code. The description ...
McNews 1.3 : File Disclosure Vulnerability
The vulnerable script is mcnewsroot/admin/header.php Exploit it with : header.php?voir=1&skinfile=skin/../../../file/to/view...