BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro Nov 08 2014 11:39AM
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 7 of the ManageOwnage series. For previous parts, see [1].

Today we have a blind SQL injection in Password Manager Pro (PMP) that
can be abused to escalate privileges for a low privileged user (like a
guest) to the "super administrator". Using our new powers we can then
dump the w...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus