facebook facebook twitter rss

Mangallam CMS Sql Injection Vulnerability

Author: Ashiyane Digital Security Team , Published: 29-01-2015
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+]Exploit Title : Mangallam CMS Sql Injection Vulnerability
[+]
[+]Exploit Author : Ashiyane Digital Security Team
[+]
[+]Vendor Homepage : http://www.jnvustudents.com/
[+]
[+]Google Dork ONE : intext:powered by : Mangallam
[+]
[+]Google Dork Two : inurl:/news_view.php?newsid= intext:Powered by : Mangallam
[+]
[+]Date : 21 / jan / 2015
[+]
[+]Tested On : windows se7en + linux Kali + Google Chrome + Mozilla + Pentest App
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>DESCRITION <~ ~ ~
[+]
[+] Mangallam CMS suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
[+] Mangallam CMS SQL injection vulnerabilities has been found and confirmed within the software as an anonymous user.
[+] A successful attack could allow an anonymous attacker to access information such as username and password hashes that are stored in the database.
[+] The following URLs and parameters have been confirmed to suffer from SQL injection.
[+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~> Location <~ ~ ~
[+] SQL ERROR Location
[+] http://www.site.com/news_view.php?newsid=[SQL]
[+]
[+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~ ~~ ~> DEMO <~ ~ ~
[+]
[+]
[+] ERROR : http://www.readersshelf.com/news_view.php?newsid=90%27
[+]
[+] ERROR : http://www.hindpoultry.com/news_view.php?newsid=5%27
[+]
[+] ERROR : http://www.vibrantschool.com/news_view.php?newsid=3%27
[+]
[+] And Google More . . . \ .
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] MY Teacher : [+] SeRaVo.BlackHaT [+] + Unhex.coder + #N3T + Lupin 13 + AMOK + Milad.Hacking
[+] Mr.Time + SHD.N3T + MR.M@j!D + eb051 + RAMIN + ACC3SS + X3UR + 4li.BlackHat + 3cure BlackHat
[+] Dj.TiniVini + NoL1m1t + l4tr0d3ctism + r3d_s0urc3 + 0x0ptim0us + E1.Coders + Dr.3vil
[+] 0xTiger + C4T + Predator + Xodiak + soheil.hidd3n + Soldier + Spoofer + Cyb3r_Dr4in
[+] Net.editor + M3QDAD + M.R.S.CO + Hesam King + Evil Shadow + 3H34N + G3N3Rall + Mr.XHat
[+]
[+] And All Iranian Cyber Army ...\.
[+] Home : Ashiyane.org/Forum
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

Like us on Facebook :