[Private] Exploit! Xataface Admin auth bypass vulnerability!
  • Xin
    Posts: 3,251
    =======================================================
    Xataface Admin Auth Bypass Vulnerability
    =======================================================
    #[+] Discovered by : Xinapse
    #[+] Site : firewire-security.com
    #[+] Email : admin@firewire-security.com

    =======================================================
    =======================================================

    #[+] Vulnerability : Admin/database auth bypass vulnerability
    #[+] Software : Xataface - open source GPL, PHP, Mysql database software
    #[+] Vendor : http://xataface.com
    #[+] Usage : http://www.site.com/admin.php?-action=v ... -mode=list
    #[+] Tested on : http://www.journeytherapeut.com/admin.p ... -mode=list
    #[+] Alert : Most of the sites I tried running this software are vulnerable, only a few used .htaccess
    #[+] Dork :"powered by dataface" "powered by xataface"
    #[+] Description : With this I could edit/delete/create records in the database, create new admin accounts and view all the users and passwords.




    #[+] Greetz :firewire-security team, b10h4z4rd, g3org3
    Xin
  • Nice release! I tried testing it but got no luck XD
  • Lol it's definitely not private anymore, it's all over the web
    And Inj3ct0r.com is claiming it as their own
  • Xin
    Posts: 3,251
    What the FUCK, who owns fucking inj3ct0r.com (and it's all over the web) as I submitted to packetstorm, milw0rm, exploit-db and security focus
    Xin
  • lol I wouldn't call it "Private" if you submitted it everywhere...just saying :)
  • Xin
    Posts: 3,251
    was private when it was uploaded,
    Xin
  • GameOver
    Posts: 675
    nice share Xinapse! thanks
  • Xin
    Posts: 3,251
    Thanks :P yeah I was pleased with myself
    Xin
  • Nice share, I can't wait to try it!