Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro
Nov 08 2014 11:39AM
Pedro Ribeiro (pedrib gmail com)
This is part 7 of the ManageOwnage series. For previous parts, see .
Today we have a blind SQL injection in Password Manager Pro (PMP) that
can be abused to escalate privileges for a low privileged user (like a
guest) to the "super administrator". Using our new powers we can then
dump the w...
[ more ]
Copyright 2010, SecurityFocus