Mangallam SQL Injection

2015-01-21T00:00:00
ID PACKETSTORM:130034
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2015-01-21T00:00:00

Description

                                        
                                            `[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
[+]   
[+]Exploit Title : Mangallam CMS Sql Injection Vulnerability   
[+]   
[+]Exploit Author : Ashiyane Digital Security Team   
[+]   
[+]Vendor Homepage : http://www.jnvustudents.com/   
[+]   
[+]Google Dork ONE : intext:powered by : Mangallam  
[+]   
[+]Google Dork Two : inurl:/news_view.php?newsid= intext:Powered by : Mangallam   
[+]   
[+]Date : 21 / jan / 2015   
[+]   
[+]Tested On : windows se7en + linux Kali + Google Chrome + Mozilla + Pentest App   
[+]   
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
[+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>DESCRITION <~ ~ ~   
[+]   
[+] Mangallam CMS suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.  
[+] Mangallam CMS SQL injection vulnerabilities has been found and confirmed within the software as an anonymous user.  
[+] A successful attack could allow an anonymous attacker to access information such as username and password hashes that are stored in the database.  
[+] The following URLs and parameters have been confirmed to suffer from SQL injection.   
[+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~> Location <~ ~ ~   
[+] SQL ERROR Location   
[+] http://www.site.com/news_view.php?newsid=[SQL]   
[+]   
[+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~ ~~ ~> DEMO <~ ~ ~   
[+]  
[+]  
[+] ERROR : http://www.readersshelf.com/news_view.php?newsid=90%27  
[+]  
[+] ERROR : http://www.hindpoultry.com/news_view.php?newsid=5%27  
[+]  
[+] ERROR : http://www.vibrantschool.com/news_view.php?newsid=3%27  
[+]   
[+] And Google More . . . \ .  
[+]  
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
[+]  
[+] MY Teacher : [+] SeRaVo.BlackHaT [+] + Unhex.coder + #N3T + Lupin 13 + AMOK + Milad.Hacking   
[+] Mr.Time + SHD.N3T + MR.M@j!D + eb051 + RAMIN + ACC3SS + X3UR + 4li.BlackHat + 3cure BlackHat  
[+] Dj.TiniVini + NoL1m1t + l4tr0d3ctism + r3d_s0urc3 + 0x0ptim0us + E1.Coders + Dr.3vil  
[+] 0xTiger + C4T + Predator + Xodiak + soheil.hidd3n + Soldier + Spoofer + Cyb3r_Dr4in  
[+] Net.editor + M3QDAD + M.R.S.CO + Hesam King + Evil Shadow + 3H34N + G3N3Rall + Mr.XHat  
[+]   
[+] And All Iranian Cyber Army ...\.  
[+] Home : Ashiyane.org/Forum  
[+]  
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
`