Help
-
Search
-
Member List
-
Calendar
Full Version:
Zws Newsletter & Mailing List Manager
GovernmentSecurity.org
>
The Archives
>
Exploit Articles
qcred11
Jun 25 2004, 02:52 PM
QUOTE
i decover a bug in the
newsletter ZWS
,
http://www.target.com/newsletter/admin.php...e=test&ulevel=1
with this , you can list all user register in the newsletter with respective password.
after u log with a account Admin , u can create User , delete user , etc...
The variable "uname=test" define the nick to connect ,
"ulevel=1" define the level of this nick but 1 is Admin account.
if u want more explication , reply
Bye
GaMeS
Source:
http://seclists.org/lists/bugtraq/2004/Jun/0406.html
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here
.
Invision Power Board © 2001-2005
Invision Power Services, Inc.
