Contrexx CMS egov Module 1.0.0 - SQL Injection

Author: hamidreza borghei
type: webapps
platform: php
port: 80.0
date_added: 2016-09-13 
date_updated: 2016-09-27 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcontrexx-opensource-1.0.zip

# Exploit Title: Contrexx CMS:egov moudle SQL injection
# Google Dork: inurl:?section=egov
# Date: 12/9/2016
# Exploit Author: hamidreza borghei
# Software Link: https://www.cloudrexx.com/de/index.php?section=downloads&cmd=7&category=8
# Version: 1.0.0
# Tested on: linux

sql injection in id parameter:

http://server/index.php?section=egov&cmd=details&id=[sql query]