[ http://www.rootshell.com/ ]

From iclefire@iclebox.secretinfo.com Fri Feb 19 16:29:51 1999
Date: Fri, 19 Feb 1999 18:21:02 +0000
From: IcleFire <iclefire@iclebox.secretinfo.com>
To: news@rootshell.com
Subject: hyperseek exploit

exploit by IcleFire ok here it is. hyperseek is spose to be the best of the
best search engine and database script you can grab at
http://www.hyperseek.com/ for 300 damn dollars but you can get a demo for
FREE... anyways this isnt as secure as its suppose to be... you can get into
it easily and change there WHOLE sites layout...  many sites run hyperseek
so the creaters better create a patch for this looks like the guys that
wrote this were critically short of clues.... anyways this is how you get
into a hyperseek database and change the layout/template around

http://localhost/dir_that_admin.cgi_is_in/admin.cgi?action=edit_file&filename=default

this absolutely does not ask for a pass or anything just paste in a new
layout and hit save... and changes the whole site :) enjoy!!  IcleBox '99
baby

-IcleFire