[ http://www.rootshell.com/ ] From iclefire@iclebox.secretinfo.com Fri Feb 19 16:29:51 1999 Date: Fri, 19 Feb 1999 18:21:02 +0000 From: IcleFire To: news@rootshell.com Subject: hyperseek exploit exploit by IcleFire ok here it is. hyperseek is spose to be the best of the best search engine and database script you can grab at http://www.hyperseek.com/ for 300 damn dollars but you can get a demo for FREE... anyways this isnt as secure as its suppose to be... you can get into it easily and change there WHOLE sites layout... many sites run hyperseek so the creaters better create a patch for this looks like the guys that wrote this were critically short of clues.... anyways this is how you get into a hyperseek database and change the layout/template around http://localhost/dir_that_admin.cgi_is_in/admin.cgi?action=edit_file&filename=default this absolutely does not ask for a pass or anything just paste in a new layout and hit save... and changes the whole site :) enjoy!! IcleBox '99 baby -IcleFire