CVE-2006-2732

Mini-Nuke < 2.3 - SQL Injection via Your_Account.asp Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2732. PoCs published by Mustafa Can Bjorn.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in Mini-NUKE, with example URLs demonstrating unsanitized input in the 'kuladi', 'password', and 'theme' parameters. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.

Description

SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Mustafa Can Bjorn · textwebappsasp

https://www.exploit-db.com/exploits/27913

View Code ZIP pw:eip

The provided text describes SQL injection vulnerabilities in Mini-NUKE, with example URLs demonstrating unsanitized input in the 'kuladi', 'password', and 'theme' parameters. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Mini-NUKE

No auth needed

Prerequisites: Access to vulnerable Mini-NUKE installation

MITRE ATT&CK