XAOS CMS - SQL Injection

2010-07-25T00:00:00
ID EXPLOITPACK:895D2062669CCC15492906E9566D34A0
Type exploitpack
Reporter H-SK33PY
Modified 2010-07-25T00:00:00

Description

XAOS CMS - SQL Injection

                                        
                                            # Exploit Title: XAOS CMS SQL Injection Vulnerability            
# Date: 25/07/2010                             
# Author: H-SK33PY                      
# Software Link: http://www.xaos.it/
# Version: N/A
# Google dork : Powered by XAOS systems
# Platform / Tested on: linux
# Category: webapplications
# Code : [SQLi] & [BSQLi]


   010101010101010101010101010101010101010101010101010101010    
   0                                                       0
   1  Iranian Datacoders Security Team 2010
   0                                                       0
   010101010101010101010101010101010101010101010101010101010

#BUG:#########################################################################

After find bug on the sites , run this :

http://site.com/index.php?m=1[SQLi]

If you can not inject run Blind SQL Injection

http://site.com/index.php?m=1[BSQLi]



#############################################################################
Website : http://www.datacoders.ir

Special Thanks to : ccC0d3rZzz & all iranian datacoders members

#############################################################################