SePortal 2.5 – SQL Injection (1)

Exploit Database
88 阅读

作者： Don

日期： 2011-12-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/18222/

############################################################################
# Exploit Title: SePortal 2.5 SQL Injection
# Google Dork: Powered by SePortal 2.5
# Date: Decembar/08/2011
# Author: Don (BalcanCrew & BalcanHack)
# Software Link: http://seportal.org
# Version: 2.5
# Tested on: LiteSpeed
############################################################################

Vulnerability:
http://server/redirect.php?action=banner&goto= (SQL)

How to fix this vulnerability:
Filter metacharacters from user input.

~Don 2011

last Exploits
SePortal 2.5 – SQL Injection (1)的更多信息

iTech Business Networking Script 8.26 – SQL Injection：
Netman 204 – Backdoor Account / Password Reset：
Escort Marketplace 1.0 – SQL Injection：
MetInfo 2.0 – PHP Code Injection：
JavaBB 0.99 – ‘userId’ Cross-Site Scripting：
Cetera eCommerce – Multiple Cross-Site Scripting / SQL Injections：
PSNews Website 1.0.0 – ‘Keywords’ SQL Injection：
awiki 20100125 – Multiple Local File Inclusions：