Vendor: SePortal
By: Don (BalcanCrew & BalcanHack)
CVSS: 8.8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: SePortal
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: NO
Related CWE: N/A
CPE: a:seportal:seportal:2.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: LiteSpeed
2011

SePortal 2.5 SQL Injection

A vulnerability exists in SePortal 2.5 that allows an attacker to inject malicious SQL into queries made by the 'redirect.php' script, through the 'goto' parameter of the 'action=banner' request. This can be exploited to gain access to sensitive information from the database.

Mitigation:

Filter metacharacters from user input.
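
One way to apply this mitigation to the 'goto' parameter, shown as an added example that is not SePortal's own code: instead of stripping metacharacters, it rejects anything that is not a plain integer and then binds the value as a query parameter, so the input can never change the SQL text. Assumptions: 'goto' is meant to carry a numeric banner id, the `banners` table and its columns are hypothetical, and PDO with an in-memory SQLite database stands in for the real database layer.

```php
<?php
// Added example, not SePortal source. Table and column names are hypothetical.
declare(strict_types=1);

/**
 * Validate the banner id taken from ?goto=. Returns null unless the value is
 * a plain positive decimal integer (assumption: goto carries a numeric id).
 */
function parse_banner_id($raw): ?int
{
    // Length cap keeps the value inside the 32-bit integer range.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look up the redirect target with a bound parameter, never concatenation. */
function banner_target(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT url FROM banners WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $url = $stmt->fetchColumn();
    return $url === false ? null : (string) $url;
}

// Constructed in-memory database standing in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE banners (id INTEGER PRIMARY KEY, url TEXT NOT NULL)');
$db->exec("INSERT INTO banners (id, url) VALUES (1, 'http://example.org/')");

// Constructed sample inputs: two well-formed ids and three malformed values.
foreach (['1', '1 OR 1=1', "1'", '-1', '2'] as $goto) {
    $id = parse_banner_id($goto);
    if ($id === null) {
        printf("%-10s => 400 rejected before reaching the database\n", $goto);
        continue;
    }
    $url = banner_target($db, $id);
    printf("%-10s => %s\n", $goto, $url ?? '404 no such banner');
}
```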

Exploit-DB raw data:

############################################################################
# Exploit Title: SePortal 2.5 SQL Injection
# Google Dork: Powered by SePortal 2.5
# Date: December/08/2011
# Author: Don (BalcanCrew & BalcanHack)
# Software Link: http://seportal.org
# Version: 2.5
# Tested on: LiteSpeed
############################################################################

Vulnerability:
http://server/redirect.php?action=banner&goto= (SQL)

How to fix this vulnerability:
Filter metacharacters from user input.

~Don 2011