This advisory details an SQL injection vulnerability in ASP Nuke 0.80, specifically in the article.asp file where user-supplied input via the 'articleid' parameter is not properly sanitized. The writeup includes vulnerable code snippets, example exploit URLs, and a description of how to extract admin credentials.
Classification
Writeup 90%
Target:
ASP Nuke 0.80
No auth needed
Prerequisites:
Access to the vulnerable ASP Nuke instance