| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030725171315.A21545@tiberium.cysonet.com> Date: Fri, 25 Jul 2003 17:13:15 +0200 From: Tjebbe de Winter <Tjebbe.deWinter_@...pam.cysonet.com> To: bugtraq@...urityfocus.com Subject: Re: e107 website system Vulnerability On Thu, Jul 24, 2003 at 03:30:43PM -0500, nokio x0 wrote: > Heh, I every site that i've come across running the e107 portal seems to ask > for admin login before you could use this exploit...Are you sure all > versions are vulnerable? Doesn't even work on my own system without asking > for login. See: http://e107.org/news.php If you post the dump_sql variable with method POST, it'll work. Regards, --- Tjebbe... ------------------------------------------------------------------------------- Tjebbe de Winter | Cysonet Managed Hosting | tjebbe @ cysonet.com tel. +31 20 4703339 | Managing the buzzwords. | http://cyso.nl -------------------------------------------------------------------------------
Powered by blists - more mailing lists