SePortal 2.5 – SQL Injection (1)

• Exploit Database
• 15 阅读

• 作者： Don
  日期： 2011-12-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18222/

• ############################################################################
  # Exploit Title: SePortal 2.5 SQL Injection
  # Google Dork: Powered by SePortal 2.5
  # Date: Decembar/08/2011
  # Author: Don (BalcanCrew & BalcanHack)
  # Software Link: http://seportal.org
  # Version: 2.5
  # Tested on: LiteSpeed
  ############################################################################
  
  Vulnerability:
  http://server/redirect.php?action=banner&goto= (SQL)
  
  How to fix this vulnerability:
  Filter metacharacters from user input.
  
  ~Don 2011