Re: BellaBook Admin Bypass/Remote Code Execution

From: jem@jemjabella.co.uk
To: bugtraq@securityfocus.com
Cc:
Subject: Re: BellaBook Admin Bypass/Remote Code Execution
Date:


As with your so-called bypass of BellaBiblio, this is not actually correct.

You state that with the username you can gain access to the login page - but you seem to have missed the fact that the password and totally random salt are needed too? 

Furthermore, you're using a script designed to bypass pheap login features with a few modifications - that does nothing to my scripts.





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.