matnasnet cms sql injection vulnerability

====    
{in the name of god}
====   
-----------------------------------------     
# exploit title: matnasnet sql injection vulnerability  
 
# date: 8/10/2017

# author: Ashiyane digital security team  
    
# vendor homepage :http://matnasnet.org.il

# tested on : Windows 10 / chrome    

-----------------------------------------       
  
# Google Dork : google drok: site:il   inurl:Page.php?type= 

-----------------------------------------         
#  http://www.mhatzor.org.il/mobile/Page.php?type=event&id=1995  

#  http://www.matnas-sderot.org.il/mobile/Page.php?type=page&id=7 

#  http://www.tverya.org.il/page.php?type=shluha&id=93 

#  http://posmart.org.il/mobile/Page.php?type=SubPartition&id=170 

#  https://www.msng.org.il/mobile/Page.php?type=SubPartition&id=3 

     
-----------------------------------------        
#discovered by : sir shahroukh     
-----------------------------------------