COMMAND
Hyperseek
SYSTEMS AFFECTED
Hyperseek
PROBLEM
IcleFire found the following. Hyperseek is supposed to be the
best of the best search engine and database script; you can buy it
at http://www.hyperseek.com/ for US$300, and a demo is available
for FREE. It isn't as secure as it's supposed to be, though.
Anyone can get into it easily and change a site's WHOLE layout.
Many sites run Hyperseek, so the creators had better release a
patch for this. This is how you get into a Hyperseek database and
change the layout/template:
http://localhost/dir_that_admin.cgi_is_in/admin.cgi?action=edit_file&filename=default
This does not ask for a password or anything at all: just paste in
a new layout and hit save, and it changes the whole site.
SOLUTION
Nothing yet.
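
Added example, not part of the original advisory or of Hyperseek: a log check that flags successful requests to admin.cgi carrying action=edit_file with no authenticated user, which is the request shown under PROBLEM. It assumes Apache combined log format and that any protection a site adds is web-server authentication (so the remote-user field is filled in); the sample lines, paths and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2001:10:01:02 +0000] "GET /cgi-bin/search/search.cgi?q=linux HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
192.0.2.44 - - [12/Mar/2001:10:03:17 +0000] "GET /cgi-bin/search/admin.cgi?action=edit_file&filename=default HTTP/1.0" 200 8431 "-" "Mozilla/4.0"
192.0.2.44 - - [12/Mar/2001:10:04:40 +0000] "POST /cgi-bin/search/admin.cgi?action=edit_file&filename=default HTTP/1.0" 200 312 "-" "Mozilla/4.0"
198.51.100.7 - admin [12/Mar/2001:11:20:00 +0000] "GET /cgi-bin/search/admin.cgi?action=edit_file&filename=default HTTP/1.0" 200 8431 "-" "Mozilla/4.0"
192.0.2.10 - - [12/Mar/2001:11:25:09 +0000] "GET /docs/admin.cgi.txt?action=edit_file HTTP/1.0" 404 210 "-" "Mozilla/4.0"
"""

# host, identd, remote user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_unauthenticated_edits(log_text):
    """Return (ip, timestamp, method, target) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        # Match the script by file name; its directory differs per site.
        if url.path.rsplit("/", 1)[-1].lower() != "admin.cgi":
            continue
        # Compare keys and values case-insensitively as a precaution.
        params = {k.lower(): [v.lower() for v in vs]
                  for k, vs in parse_qs(url.query).items()}
        if "edit_file" not in params.get("action", []):
            continue
        # "-" in the remote-user field means no HTTP authentication happened;
        # a 2xx status means the script served the request anyway.
        if m["user"] == "-" and m["status"].startswith("2"):
            hits.append((m["ip"], m["ts"], m["method"], m["target"]))
    return hits

if __name__ == "__main__":
    for hit in find_unauthenticated_edits(SAMPLE_LOG):
        print(*hit)
```

A save whose parameters travel in the POST body leaves no query string in the access log, so treat the hits as a lower bound.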