[30898] in bugtraq

Re: e107 website system Vulnerability

daemon@ATHENA.MIT.EDU (Tjebbe de Winter)
Fri Jul 25 14:31:17 2003

Date: Fri, 25 Jul 2003 17:13:15 +0200
From: Tjebbe de Winter <Tjebbe.deWinter_@nospam.cysonet.com>
To: bugtraq@securityfocus.com
Message-ID: <20030725171315.A21545@tiberium.cysonet.com>
Reply-To: Tjebbe de Winter <Tjebbe.deWinter_@nospam.cysonet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BAY7-F73KGEJ0wckvJD0000153f@hotmail.com>; from xj3wlzx@hotmail.com on Thu, Jul 24, 2003 at 03:30:43PM -0500

On Thu, Jul 24, 2003 at 03:30:43PM -0500, nokio x0 wrote:
> Heh, every site that I've come across running the e107 portal seems to ask 
> for admin login before you could use this exploit...Are you sure all 
> versions are vulnerable? Doesn't even work on my own system without asking 
> for login.

See: http://e107.org/news.php

If you post the dump_sql variable with method POST, it'll work.

Regards,

---
 Tjebbe...

-------------------------------------------------------------------------------
Tjebbe de Winter    |      Cysonet  Managed  Hosting      |  tjebbe @ cysonet.com
tel. +31 20 4703339 |       Managing the buzzwords.       |  http://cyso.nl
-------------------------------------------------------------------------------
