SePortal 2.5 - SQL Injection (1)

Author: Don
type: webapps
platform: php
port: 
date_added: 2011-12-09 
date_updated: 2016-12-14 
verified: 0 
codes: OSVDB-77591 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comseportal2.5.zip

############################################################################
# Exploit Title: SePortal 2.5 SQL Injection
# Google Dork: Powered by SePortal 2.5
# Date: Decembar/08/2011
# Author: Don (BalcanCrew & BalcanHack)
# Software Link: http://seportal.org
# Version: 2.5
# Tested on: LiteSpeed
############################################################################

Vulnerability:
http://server/redirect.php?action=banner&goto= (SQL)

How to fix this vulnerability:
Filter metacharacters from user input.

~Don 2011