Search...

NITRO Web Gallery SQL Injection Vulnerability

2010-05-25T00:00:00

ID EDB-ID:12735
Type exploitdb
Reporter cyberlog
Modified 2010-05-25T00:00:00

Description

NITRO Web Gallery SQL Injection Vulnerability. CVE-2010-2141. Webapps exploit for php platform

                                        
                                            ===============================================
NITRO Web Gallery SQL Injection Vulnerability
===============================================


               __                  __               
 .----..--.--.|  |--..-----..----.|  |.-----..-----.
 |  __||  |  ||  _  ||  -__||   _||  ||  _  ||  _  |
 |____||___  ||_____||_____||__|  |__||_____||___  |
       |_____|                               |_____|

####################################################
# NITRO Web Gallery SQL Injection Vulnerability
####################################################
# Vendor:http://www.nitropowered.net/
# Discovered by : cyberlog
# Site          : Sekuritionline.net
# Channel       : #SekuritiOnline [ Now Just My Bot ] :P
# Dork          : "(C) This site is NITROpowered!"

# Exploit       : [site]/index.php?section=pictures&action=open&PictureId=[SQL Injection]
                  
# Thanks        : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,
                  jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,blindboy,sukam,
                  SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathews,aurel666,Inoef,dbanie

# special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] :), 
# Inj3ct0r Now Brothers with Sekuritionline
                
####################################################
# Demo: 
# http://localhost/index.php?section=pictures&action=open&PictureId=[SQL Injection]

####################################################

We never die !!!! indonesian Underground Community
!!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!
!!!!! anjing juga buat admin site indon3sia yang merasa sok h3bat, dikasih tahu ada hole malah nyolot !!!!!

KacrUt I h@te U :P [ jika kau tidak mau aku katakan LOv3 ]
Give me NOCAN Brothers :P
am nt hacker just Lik3 Syst3m S3curity







                __                  __  __    __                __  __               
 .-----..-----.|  |--..--.--..----.|__||  |_ |__|.-----..-----.|  ||__|.-----..-----.
 |__ --||  -__||    &lt; |  |  ||   _||  ||   _||  ||  _  ||     ||  ||  ||     ||  -__|
 |_____||_____||__|__||_____||__|  |__||____||__||_____||__|__||__||__||__|__||_____|

JSON Vulners Source

Initial Source

{"id": "EDB-ID:12735", "type": "exploitdb", "bulletinFamily": "exploit", "title": "NITRO Web Gallery SQL Injection Vulnerability", "description": "NITRO Web Gallery SQL Injection Vulnerability. CVE-2010-2141. Webapps exploit for php platform", "published": "2010-05-25T00:00:00", "modified": "2010-05-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/12735/", "reporter": "cyberlog", "references": [], "cvelist": ["CVE-2010-2141"], "lastseen": "2016-02-01T17:13:56", "viewCount": 5, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2016-02-01T17:13:56", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2141"]}], "modified": "2016-02-01T17:13:56", "rev": 2}, "vulnersScore": 7.3}, "sourceHref": "https://www.exploit-db.com/download/12735/", "sourceData": "===============================================\r\nNITRO Web Gallery SQL Injection Vulnerability\r\n===============================================\r\n\r\n\r\n __ __ \r\n .----..--.--.| |--..-----..----.| |.-----..-----.\r\n | __|| | || _ || -__|| _|| || _ || _ |\r\n |____||___ ||_____||_____||__| |__||_____||___ |\r\n |_____| |_____|\r\n\r\n####################################################\r\n# NITRO Web Gallery SQL Injection Vulnerability\r\n####################################################\r\n# Vendor:http://www.nitropowered.net/\r\n# Discovered by : cyberlog\r\n# Site : Sekuritionline.net\r\n# Channel : #SekuritiOnline [ Now Just My Bot ] :P\r\n# Dork : \"(C) This site is NITROpowered!\"\r\n\r\n# Exploit : [site]/index.php?section=pictures&action=open&PictureId=[SQL Injection]\r\n \r\n# Thanks : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,\r\n jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,blindboy,sukam,\r\n SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathews,aurel666,Inoef,dbanie\r\n\r\n# special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] :), \r\n# Inj3ct0r Now Brothers with Sekuritionline\r\n \r\n####################################################\r\n# Demo: \r\n# http://localhost/index.php?section=pictures&action=open&PictureId=[SQL Injection]\r\n\r\n####################################################\r\n\r\nWe never die !!!! indonesian Underground Community\r\n!!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!\r\n!!!!! anjing juga buat admin site indon3sia yang merasa sok h3bat, dikasih tahu ada hole malah nyolot !!!!!\r\n\r\nKacrUt I h@te U :P [ jika kau tidak mau aku katakan LOv3 ]\r\nGive me NOCAN Brothers :P\r\nam nt hacker just Lik3 Syst3m S3curity\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n __ __ __ __ __ __ \r\n .-----..-----.| |--..--.--..----.|__|| |_ |__|.-----..-----.| ||__|.-----..-----.\r\n |__ --|| -__|| < | | || _|| || _|| || _ || || || || || -__|\r\n |_____||_____||__|__||_____||__| |__||____||__||_____||__|__||__||__||__|__||_____|\r\n\r\n\r\n \r\n", "osvdbidlist": ["65120"]}

{"cve": [{"lastseen": "2020-10-03T11:57:25", "description": "SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.", "edition": 3, "cvss3": {}, "published": "2010-06-02T19:30:00", "title": "CVE-2010-2141", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2141"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:nitropowered:nitro_web_gallery:1.4.2", "cpe:/a:nitropowered:nitro_web_gallery:1.4.3a", "cpe:/a:nitropowered:nitro_web_gallery:1.4", "cpe:/a:nitropowered:nitro_web_gallery:1.3", "cpe:/a:nitropowered:nitro_web_gallery:1.4.1", "cpe:/a:nitropowered:nitro_web_gallery:1.4.3"], "id": "CVE-2010-2141", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2141", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nitropowered:nitro_web_gallery:1.4.3a:*:*:*:*:*:*:*", "cpe:2.3:a:nitropowered:nitro_web_gallery:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:nitropowered:nitro_web_gallery:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:nitropowered:nitro_web_gallery:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:nitropowered:nitro_web_gallery:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:nitropowered:nitro_web_gallery:1.4.2:*:*:*:*:*:*:*"]}]}