SePortal 2.5 SQL Injection

2011-12-09T00:00:00
ID PACKETSTORM:107706
Type packetstorm
Reporter Don from BalcanCrew
Modified 2011-12-09T00:00:00

Description

                                        
                                            `############################################################################  
# Exploit Title: SePortal 2.5 SQL Injection  
# Google Dork: Powered by SePortal 2.5  
# Date: Decembar/08/2011  
# Author: Don (BalcanCrew & BalcanHack)  
# Software Link: http://seportal.org  
# Version: 2.5  
# Tested on: LiteSpeed  
############################################################################  
  
Vulnerability:  
http://server/redirect.php?action=banner&goto= (SQL)  
  
How to fix this vulnerability:  
Filter metacharacters from user input.  
  
~Don 2011  
  
`