CVE-2006-0199

This exploit demonstrates SQL injection and unauthorized password change vulnerabilities in MiniNuke 1.8.2 and prior versions. The SQLi allows remote attackers to extract user credentials, while the password change flaw enables attackers to reset any user's password without authentication.

This Perl script exploits a SQL injection vulnerability in MiniNuke CMS (versions <= 1.8.2) to extract user password hashes by manipulating the 'hid' parameter in the 'news.asp' endpoint. It supports proxy usage and targets a specific user ID.