[35481] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

ZWS Newsletter & Mailing List Manager

daemon@ATHENA.MIT.EDU (GaMeS GaMeS)
Thu Jun 24 20:14:51 2004

Date: 24 Jun 2004 18:07:08 -0000
Message-ID: <20040624180708.25873.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: GaMeS GaMeS <bzh_mrim@yahoo.fr>
To: bugtraq@securityfocus.com

hello , i'm a frenchy boy and excuse me for my bad english...

i decover a bug in the newsletter ZWS , 

http://www.target.com/newsletter/admin.php?f=list_user&uname=test&ulevel=1

with this , you can list all user register in the newsletter with respective password.

after u log with a account Admin , u can create User , delete user , etc...

The variable "uname=test" define the nick to connect , 
"ulevel=1" define the level of this nick but 1 is Admin account.

if u want more explication , reply ;)

Bye

GaMeS


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[35481] in bugtraq

ZWS Newsletter & Mailing List Manager

daemon@ATHENA.MIT.EDU (GaMeS GaMeS)Thu Jun 24 20:14:51 2004

daemon@ATHENA.MIT.EDU (GaMeS GaMeS)
Thu Jun 24 20:14:51 2004