Mangallam SQL Injection

2015.01.22
Credit: Ashiyane Digital Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:/news_view.php?newsid= intext:Powered by : Mangallam

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+]Exploit Title : Mangallam CMS Sql Injection Vulnerability [+] [+]Exploit Author : Ashiyane Digital Security Team [+] [+]Vendor Homepage : http://www.jnvustudents.com/ [+] [+]Google Dork ONE : intext:powered by : Mangallam [+] [+]Google Dork Two : inurl:/news_view.php?newsid= intext:Powered by : Mangallam [+] [+]Date : 21 / jan / 2015 [+] [+]Tested On : windows se7en + linux Kali + Google Chrome + Mozilla + Pentest App [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>DESCRITION <~ ~ ~ [+] [+] Mangallam CMS suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data. [+] Mangallam CMS SQL injection vulnerabilities has been found and confirmed within the software as an anonymous user. [+] A successful attack could allow an anonymous attacker to access information such as username and password hashes that are stored in the database. [+] The following URLs and parameters have been confirmed to suffer from SQL injection. [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~> Location <~ ~ ~ [+] SQL ERROR Location [+] http://www.site.com/news_view.php?newsid=[SQL] [+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~ ~~ ~> DEMO <~ ~ ~ [+] [+] [+] ERROR : http://www.readersshelf.com/news_view.php?newsid=90%27 [+] [+] ERROR : http://www.hindpoultry.com/news_view.php?newsid=5%27 [+] [+] ERROR : http://www.vibrantschool.com/news_view.php?newsid=3%27 [+] [+] And Google More . . . \ . [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] MY Teacher : [+] SeRaVo.BlackHaT [+] + Unhex.coder + #N3T + Lupin 13 + AMOK + Milad.Hacking [+] Mr.Time + SHD.N3T + MR.M@j!D + eb051 + RAMIN + ACC3SS + X3UR + 4li.BlackHat + 3cure BlackHat [+] Dj.TiniVini + NoL1m1t + l4tr0d3ctism + r3d_s0urc3 + 0x0ptim0us + E1.Coders + Dr.3vil [+] 0xTiger + C4T + Predator + Xodiak + soheil.hidd3n + Soldier + Spoofer + Cyb3r_Dr4in [+] Net.editor + M3QDAD + M.R.S.CO + Hesam King + Evil Shadow + 3H34N + G3N3Rall + Mr.XHat [+] [+] And All Iranian Cyber Army ...\. [+] Home : Ashiyane.org/Forum [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top