2Staff


 

SePortal 2.5 SQL Injection / Remote Code Execution

This Metasploit module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user session. After logging in, the "/admin/downloads.php" page will be used to upload arbitrary code.

Bron

Titel: Files Date: 2014-03-01 to 2014-03-31 ≈ Packet Storm

Onze klanten
Contact

Duwboot 6
3991 CD HOUTEN
Postbus 123
3990 DC Houten

T 030- 600 5000
F 030- 600 5001
E info@2staff.nl