Vendor: Windows
By: SecurityFocus
CVSS: 5.8 MEDIUM
Double URL Encoding
CWE: 20
Product Name: Windows
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2002-0647
CPE: o:microsoft:windows
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

csNews Double URL Encoding Vulnerability

csNews is vulnerable to a double URL encoding attack, which allows an attacker to view and modify some administration pages. This is accomplished by submitting an HTTP request in which some metacharacters are double URL encoded.

Mitigation:

Upgrade to the latest version of csNews.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4993/info

csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Users with "public" access to the system may be able to view and modify some administration pages. This is accomplished by submitting an HTTP request in which some metacharacters are double URL encoded.


CSNews.cgi?database=default%2edb&command=showadv&mpage=manager
CSNews.cgi?command=manage&database=default%2edb&mpage=manager
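
A defensive check for the double URL encoding described above, as an added example that is not part of the original advisory or of csNews: it decodes each raw query parameter until the value stops changing and flags any parameter that needed more than one round, so that access decisions are made on the canonical value. The function names, the round limit and the second sample query string are assumptions constructed for illustration.

```python
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: anything nested deeper than this is rejected outright


def canonicalize(value, max_rounds=MAX_ROUNDS):
    """Percent-decode until the value is stable.

    Returns (canonical_value, rounds), where rounds is the number of decode
    passes that changed the value: 0 = plain, 1 = normally encoded,
    2 or more = multiply encoded.
    """
    for rounds in range(max_rounds + 1):
        decoded = unquote(value)
        if decoded == value:
            return value, rounds
        value = decoded
    raise ValueError("percent-encoding nested too deeply")


def inspect_query(raw_query):
    """Parse a raw (still encoded) query string.

    Returns (params, findings): params maps canonical names to canonical
    values, findings lists the parameters that were encoded more than once.
    """
    params, findings = {}, []
    for pair in raw_query.split("&"):
        if not pair:
            continue
        raw_name, _, raw_value = pair.partition("=")
        name, name_rounds = canonicalize(raw_name)
        value, value_rounds = canonicalize(raw_value)
        params[name] = value
        if max(name_rounds, value_rounds) > 1:
            findings.append(name)
    return params, findings


if __name__ == "__main__":
    samples = [
        # Query string as printed in the advisory (single encoding).
        "database=default%2edb&command=showadv&mpage=manager",
        # Constructed sample: the same metacharacter encoded twice.
        "command=showadv&database=sample%252edb",
    ]
    for raw in samples:
        params, findings = inspect_query(raw)
        print(raw, "->", params, "| multiply encoded:", findings or "none")
```

A request with a non-empty findings list can be rejected or logged before any authorization check runs; a handler that decodes only once would still see `%2e` in the second sample rather than the `.` it finally resolves to.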