matnasnet cms sql injection vulnerability

Published
Credit
Risk
2017.08.10
Ashiyane Digital Security Team
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: google drok: site:il inurl:Page.php?type=

====
{in the name of god}
====
-----------------------------------------
# exploit title: matnasnet sql injection vulnerability

# date: 8/10/2017

# author: Ashiyane digital security team

# vendor homepage :http://matnasnet.org.il

# tested on : Windows 10 / chrome

-----------------------------------------

# Google Dork : google drok: site:il inurl:Page.php?type=

-----------------------------------------
# http://www.mhatzor.org.il/mobile/Page.php?type=event&id=1995

# http://www.matnas-sderot.org.il/mobile/Page.php?type=page&id=7

# http://www.tverya.org.il/page.php?type=shluha&id=93

# http://posmart.org.il/mobile/Page.php?type=SubPartition&id=170

# https://www.msng.org.il/mobile/Page.php?type=SubPartition&id=3


-----------------------------------------
#discovered by : sir shahroukh
-----------------------------------------


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com