lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 24 Jun 2004 18:07:08 -0000
From: GaMeS GaMeS <bzh_mrim@...oo.fr>
To: bugtraq@...urityfocus.com
Subject: ZWS Newsletter & Mailing List Manager




hello , i'm a frenchy boy and excuse me for my bad english...

i decover a bug in the newsletter ZWS , 

http://www.target.com/newsletter/admin.php?f=list_user&uname=test&ulevel=1

with this , you can list all user register in the newsletter with respective password.

after u log with a account Admin , u can create User , delete user , etc...

The variable "uname=test" define the nick to connect , 
"ulevel=1" define the level of this nick but 1 is Admin account.

if u want more explication , reply ;)

Bye

GaMeS

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ