matnasnet cms sql injection vulnerability

2017.08.10

Ashiyane Digital Security Team (US)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: google drok: site:il inurl:Page.php?type=

====    
{in the name of god}
====   
-----------------------------------------     
# exploit title: matnasnet sql injection vulnerability  
 
# date: 8/10/2017

# author: Ashiyane digital security team  
    
# vendor homepage :http://matnasnet.org.il

# tested on : Windows 10 / chrome    

-----------------------------------------       
  
# Google Dork : google drok: site:il   inurl:Page.php?type= 

-----------------------------------------         
#  http://www.mhatzor.org.il/mobile/Page.php?type=event&id=1995  

#  http://www.matnas-sderot.org.il/mobile/Page.php?type=page&id=7 

#  http://www.tverya.org.il/page.php?type=shluha&id=93 

#  http://posmart.org.il/mobile/Page.php?type=SubPartition&id=170 

#  https://www.msng.org.il/mobile/Page.php?type=SubPartition&id=3 

     
-----------------------------------------        
#discovered by : sir shahroukh     
-----------------------------------------  

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

matnasnet cms sql injection vulnerability

Dork: google drok: site:il inurl:Page.php?type=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.