matnasnet cms sql injection vulnerability

2017.08.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

==== {in the name of god} ==== ----------------------------------------- # exploit title: matnasnet sql injection vulnerability # date: 8/10/2017 # author: Ashiyane digital security team # vendor homepage :http://matnasnet.org.il # tested on : Windows 10 / chrome ----------------------------------------- # Google Dork : google drok: site:il inurl:Page.php?type= ----------------------------------------- # http://www.mhatzor.org.il/mobile/Page.php?type=event&id=1995 # http://www.matnas-sderot.org.il/mobile/Page.php?type=page&id=7 # http://www.tverya.org.il/page.php?type=shluha&id=93 # http://posmart.org.il/mobile/Page.php?type=SubPartition&id=170 # https://www.msng.org.il/mobile/Page.php?type=SubPartition&id=3 ----------------------------------------- #discovered by : sir shahroukh -----------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top