TUCoPS :: Password Security :: hypers~1.txt

The HyperSeek search engine admin interface by default is not password protected.


[ http://www.rootshell.com/ ]

From iclefire@iclebox.secretinfo.com Fri Feb 19 16:29:51 1999
Date: Fri, 19 Feb 1999 18:21:02 +0000
From: IcleFire <iclefire@iclebox.secretinfo.com>
To: news@rootshell.com
Subject: hyperseek exploit

exploit by IcleFire ok here it is. hyperseek is supposed to be the best of the
best search engine and database script you can grab at
http://www.hyperseek.com/ for 300 damn dollars but you can get a demo for
FREE... anyways this isn't as secure as it's supposed to be... you can get into
it easily and change their WHOLE site's layout...  many sites run hyperseek
so the creators better create a patch for this. looks like the guys that
wrote this were critically short of clues.... anyways this is how you get
into a hyperseek database and change the layout/template around

http://localhost/dir_that_admin.cgi_is_in/admin.cgi?action=edit_file&filename=default

this absolutely does not ask for a pass or anything just paste in a new
layout and hit save... and changes the whole site :) enjoy!!  IcleBox '99
baby

-IcleFire
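
For administrators checking whether their own installation was reached this way, the following is an added example (not part of the original post and not HyperSeek code) that scans web server access logs for successful admin.cgi requests made without an authenticated user. It assumes Apache/NCSA combined log format and that the fix in place is web-server HTTP authentication on the admin script; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: host ident authuser [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def unauthenticated_admin_hits(lines, script="admin.cgi"):
    """Return (host, time, action, filename) for successful requests to the
    admin script that carried no HTTP-authenticated user."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1].lower() != script:
            continue  # some other resource
        # authuser is "-" when the server did not authenticate the request;
        # a 2xx status means the admin page was actually served.
        if m["user"] != "-" or not m["status"].startswith("2"):
            continue
        qs = parse_qs(url.query)
        hits.append((m["host"], m["time"],
                     qs.get("action", [""])[0], qs.get("filename", [""])[0]))
    return hits

# Constructed sample log lines (documentation addresses, hypothetical user name).
ADMIN = "/dir_that_admin.cgi_is_in/admin.cgi?action=edit_file&filename=default"
SAMPLE_LOG = [
    f'192.0.2.10 - - [19/Feb/1999:18:30:01 +0000] "GET {ADMIN} HTTP/1.0" 200 5120',
    f'192.0.2.11 - webadmin [19/Feb/1999:18:31:44 +0000] "GET {ADMIN} HTTP/1.0" 200 5120',
    f'192.0.2.12 - - [19/Feb/1999:18:32:09 +0000] "GET {ADMIN} HTTP/1.0" 401 312',
    '192.0.2.13 - - [19/Feb/1999:18:33:15 +0000] "GET /index.html HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for hit in unauthenticated_admin_hits(SAMPLE_LOG):
        print("unauthenticated admin access:", *hit)
```

Only the first sample line is reported: the second carries an authenticated user, the third was rejected with 401, and the fourth is not the admin script.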
