# Title : Webspell 4.X safe_query Bypass Vulnerability
# Published : 2010-09-29
# Author : silent vapor
################# INFORMATION ##################################################
+Name : Webspell 4.X safe_query bypass Vulnerability
+Author : silent vapor
+Date : 29.09.2010
+Script : webspell
+Price : free
+Language : PHP
+Discovered by silent vapor
+Underground Agents
+Greetz to Team-Internet, 4004-Security-Project, Easy Laster
################################################################################
+Vulnerability : webspell_settings.php "function safe_query"
+Exploitable : %20UNION+/**/+SELECT%20
################################################################################
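Added example (not part of the advisory and not Webspell's code): a Python sketch of why the string on the `+Exploitable` line passes a keyword blacklist, and how a log check can normalize input before matching. `naive_filter_allows` is a hypothetical stand-in filter assumed for illustration, and the sample query strings are constructed.

```python
import re
from urllib.parse import unquote_plus

# String from the advisory's "+Exploitable" line.
ADVISORY_STRING = "%20UNION+/**/+SELECT%20"

# Constructed sample query strings (not taken from real logs).
SAMPLES = [
    "site=news&id=12",
    "site=news&id=12 UNION SELECT 1",
    "site=news&id=12" + ADVISORY_STRING + "1",
]

def naive_filter_allows(query: str) -> bool:
    """Hypothetical blacklist: drop spaces, then look for 'unionselect'."""
    return "unionselect" not in query.replace(" ", "").lower()

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")

def normalize(raw: str) -> str:
    """URL-decode, turn SQL block comments into a space, collapse whitespace."""
    decoded = unquote_plus(raw)
    without_comments = _BLOCK_COMMENT.sub(" ", decoded)
    return re.sub(r"\s+", " ", without_comments).strip().lower()

def flags_union_select(raw: str) -> bool:
    """True when the normalized input contains UNION [ALL] SELECT."""
    return bool(_UNION_SELECT.search(normalize(raw)))

def scan(samples):
    """Return (sample, passes_naive_filter, flagged_after_normalizing) rows."""
    return [(s, naive_filter_allows(unquote_plus(s)), flags_union_select(s))
            for s in samples]

if __name__ == "__main__":
    for sample, passes, flagged in scan(SAMPLES):
        print(f"{sample!r}: passes_naive={passes} flagged={flagged}")
```

Matching like this is for logging and alerting only; the fix for the injection itself is to bind user input as query parameters rather than filter the query text.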