[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Aria-Security.net: CoolShot E-Lite POS 1.0
From:       coolshot () _nospam_coolshot ! net
Date:       2007-11-30 12:35:00
Message-ID: 20071130123500.17620.qmail () securityfocus ! com
[Download RAW message or body]

Cheers guys :)
I'll check and fix this issue asap, although i'd like to point out a couple things:
* The tool itself isn't meant to be accessible from the internet when used in a \
production environment. It's been developed as an inventory management tool and POS \
system and as such it should be normally used in an intranet if not a local system \
completely disconnected from a network. Such a scenario would greatly reduce the \
                chance of an external attack.
* The tool is a beta and honestly not being developed anymore as there's little to no \
interest on it :) I decided to publish it on my site for free 'as is'
* It would be actually cool if someone bothered to inform me of such security hole \
;). I discovered it just by chance because i noticed that a few sites like this one \
were backlinking to my site... I am not developing the tool anymore and despite the \
fact there's still people who registers on my forum and downloads it i have no \
feedbacks or requests that might make me want to put my hands on it to develop it \
further. I'll just check this issue, as i find it challenging, and fix it but sure \
won't go any deeper than that :)

bottom line:
thanks for the info, even if i had to discover it myself. It will sure be a good \
exercise for me ;)


[prev in list] [next in list] [prev in thread] [next in thread]