Exploit Database - Logo

MySimpleNews 1.0 - Remotely Readable Administrator Password

EDB-ID: 21901 Author: frog Published: 2002-10-02
CVE: CVE-2002-2143 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/5866/info

MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file.

Any remote user can view the contents of the HTML file to determine the administrator password.

The administrator password can be found in the HTML code for admin.html below:
moncode = prompt('MySimpleNews - Administration','');
if (moncode != "[ADMINPASSWORD]")
{
location.href="about:Erreur 403";
}

Related Exploits

Trying to match CVEs (1): CVE-2002-2143
Trying to match OSVDBs (1): 59092
Other Possible E-DB Search Terms: MySimpleNews 1.0,  MySimpleNews
Date D V Title Author
2002-10-02Download Exploit Code Verified MySimpleNews 1.0 - PHP Injectionfrog
Menu