| Subject: | Re: Aria-Security.net: CoolShot E-Lite POS 1.0 |
|---|---|
| Date: | 30 Nov 2007 12:35:00 -0000 |

Cheers guys :)

I'll check and fix this issue ASAP, although I'd like to point out a couple of things:

* The tool itself isn't meant to be accessible from the internet when used in a production environment. It's been developed as an inventory management tool and POS system, and as such it should normally be used in an intranet, if not a local system completely disconnected from a network. Such a scenario would greatly reduce the chance of an external attack.
* The tool is a beta and honestly not being developed anymore as there's little to no interest in it :) I decided to publish it on my site for free 'as is'.
* It would actually be cool if someone bothered to inform me of such a security hole ;). I discovered it just by chance because I noticed that a few sites like this one were backlinking to my site...

I am not developing the tool anymore, and despite the fact that there are still people who register on my forum and download it, I have no feedback or requests that might make me want to put my hands on it to develop it further. I'll just check this issue, as I find it challenging, and fix it, but sure won't go any deeper than that :)

Bottom line: thanks for the info, even if I had to discover it myself. It will sure be a good exercise for me ;)