source: http://www.securityfocus.com/bid/5866/info MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file. Any remote user can view the contents of the HTML file to determine the administrator password. The administrator password can be found in the HTML code for admin.html below: moncode = prompt('MySimpleNews - Administration',''); if (moncode != "[ADMINPASSWORD]") { location.href="about:Erreur 403"; }
Related Exploits
Trying to match CVEs (1): CVE-2002-2143Trying to match OSVDBs (1): 59092
Other Possible E-DB Search Terms: MySimpleNews 1.0, MySimpleNews
Date | D | V | Title | Author |
---|---|---|---|---|
2002-10-02 |
![]() |
MySimpleNews 1.0 - PHP Injection | frog |