lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 25 Jul 2003 17:13:15 +0200
From: Tjebbe de Winter <Tjebbe.deWinter_@...pam.cysonet.com>
To: bugtraq@...urityfocus.com
Subject: Re: e107 website system Vulnerability


On Thu, Jul 24, 2003 at 03:30:43PM -0500, nokio x0 wrote:
> Heh, I every site that i've come across running the e107 portal seems to ask 
> for admin login before you could use this exploit...Are you sure all 
> versions are vulnerable? Doesn't even work on my own system without asking 
> for login.

See: http://e107.org/news.php

If you post the dump_sql variable with method POST, it'll work.

Regards,

---
 Tjebbe...

-------------------------------------------------------------------------------
Tjebbe de Winter    |      Cysonet  Managed  Hosting      |  tjebbe @ cysonet.com
tel. +31 20 4703339 |       Managing the buzzwords.       |  http://cyso.nl
-------------------------------------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ