Title:
======
Maxdome Website - SQL Injection Vulnerability

Date:
=====
2011-10-26

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=300

VL-ID:
=====
300

Introduction:
=============
maxdome is the video-on-demand service of ProSiebenSat.1 Media. The pay-per-view offering is the largest and most widely used in Europe. Current films and series are available, often even before their actual broadcast on free or pay TV, as well as a wide range of comedy content, documentaries, sports and music videos.

(Copy of the Vendor Homepage: http://www.maxdome.com)

Abstract:
=========
A Vulnerability-Lab researcher discovered a remote SQL injection vulnerability on the well-known Maxdome portal (videothek) website.

Report-Timeline:
================
2010-12-14: Vendor Notification
2011-05-07: Vendor Response/Feedback
2011-09-03: Vendor Fix/Patch -> CHECK BY US!
2011-10-26: Public or Non-Public Disclosure

Status:
========
Published

Exploitation-Technique:
=======================
Remote

Severity:
=========
Critical

Details:
========
A remote SQL injection vulnerability was detected on Maxdome's Videothek portal website. The vulnerability allows a remote attacker to inject their own SQL commands through the weak (unvalidated) id parameter of the request.

Vulnerable Module(s):
[+] Home Flash Video Component

Picture(s):
../sql1.png

Proof of Concept:
=================
The SQL injection vulnerability can be exploited by remote attackers. For demonstration or reproduction ...

Path: /php-bin/functions/home_flash/
File: homeflash.swf
Para: ?id=
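Added example, not part of the advisory and not Maxdome's code: a Python stand-in for the id-parameter handling the Details section describes (the real handler lives under /php-bin/ and its database, table and column names are unknown; the in-memory SQLite table here is constructed). It shows the concatenating pattern that lets raw request text reach the SQL parser beside a hardened handler that allow-lists the value and binds it as a query parameter.

```python
import re
import sqlite3

# Constructed stand-in for the portal's video table; the real schema is not known.
SCHEMA = """
CREATE TABLE home_flash (id INTEGER PRIMARY KEY, title TEXT);
INSERT INTO home_flash VALUES (1, 'Feature film A');
INSERT INTO home_flash VALUES (2, 'Series B, episode 1');
"""

# The id is a numeric key: digits only, bounded length, nothing else is valid.
ID_RE = re.compile(r"[0-9]{1,10}")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def parse_id(raw):
    """Allow-list validation of the ?id= value. Returns an int, or None when the
    value is missing or contains anything but digits (quotes, spaces, comment markers)."""
    if raw is None or not ID_RE.fullmatch(raw):
        return None
    return int(raw)


def lookup_home_flash_unsafe(conn, raw_id):
    """Weak pattern: the request value is pasted into the statement text, so
    whatever the client sent is interpreted by the SQL parser."""
    sql = "SELECT id, title FROM home_flash WHERE id = " + raw_id
    return conn.execute(sql).fetchone()


def lookup_home_flash(conn, raw_id):
    """Hardened handler: validate first, then bind the value as a parameter so
    the database never treats it as SQL text."""
    vid = parse_id(raw_id)
    if vid is None:
        return None  # the real handler would answer 400 Bad Request here
    return conn.execute(
        "SELECT id, title FROM home_flash WHERE id = ?", (vid,)
    ).fetchone()


def is_suspicious_id(raw):
    """Detection-side helper: flag request ids that fail the allow-list, e.g. in
    web-server log review or a WAF rule for this parameter."""
    return parse_id(raw) is None
```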