MySimpleNews 1.0 - Remote Readable Administrator Password
| EKU-ID: 27398 | CVE: CVE-2002-2143;OSVDB-59092 | OSVDB-ID: |
| Author: frog | Published: 2002-10-02 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27398 | CVE: CVE-2002-2143;OSVDB-59092 | OSVDB-ID: |
| Author: frog | Published: 2002-10-02 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5866/info
MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file.
Any remote user can view the contents of the HTML file to determine the administrator password.
The administrator password can be found in the HTML code for admin.html below:
moncode = prompt('MySimpleNews - Administration','');
if (moncode != "[ADMINPASSWORD]")
{
location.href="about:Erreur 403";
}