
Design and Developed by TechSparkIT Limited Bangladesh Education Unauthorized Insert File Vulnerability

Author: KingSkrupellos, Published: 16-11-2018
# Exploit Title : Design and Developed by TechSparkIT Limited Bangladesh Education Unauthorized Insert File Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : techsparkit.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Design and Developed by : TechSparkIT Ltd.'' site:edu.bd
intext:''Design and Developed By : TechSparkIT Limited'' site:edu.bd
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]

#################################################################################################

# Admin Panel Login Path :

# Exploit :

/site/admission

+ Fill in the Online Student Submission Form with random but valid values.

+ After the form is submitted with your uploaded file, it says:

+ Thank You ! Your application is now waiting for admin approval. You will get a sms after final approval.

+ But we don't know exactly where the file is uploaded. Search for directory file paths.

# Directory File Path :

/media/student/TARGETDOMAIN.edu.bd/[RANDOM-NUMBERS]_[YOURFILENAME.gif]

/media/father/[RANDOM-NUMBERS]_[YOURFILENAME.gif]

/media/mother/[RANDOM-NUMBERS]_[YOURFILENAME.gif]
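A server-side mitigation for the upload behaviour described above, added here as an example and not code from the advisory or the vendor: the upload is checked against an image allowlist by extension and leading bytes, given a server-generated name, and written to a directory outside the web root until an administrator approves it. The function name, the quarantine directory, the allowed types and the size limit are assumptions.

```python
import secrets
from pathlib import Path

# Assumed policy: extension -> accepted leading magic bytes.
ALLOWED = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for an applicant photo


class RejectedUpload(ValueError):
    """Raised when an upload fails validation and must not be stored."""


def store_applicant_photo(client_name: str, data: bytes, quarantine: Path) -> Path:
    """Validate an uploaded photo and store it outside the web root.

    `quarantine` is a hypothetical directory the web server does not serve;
    files are only copied to a public location after admin approval.
    """
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or oversized upload")
    # Only the final suffix of the client-supplied name is used.
    ext = Path(client_name.replace("\\", "/")).suffix.lower()
    magics = ALLOWED.get(ext)
    if magics is None:
        raise RejectedUpload(f"extension {ext!r} is not allowed")
    if not data.startswith(magics):
        raise RejectedUpload("content does not match the declared image type")
    # Server-generated, unguessable name: no client input reaches the path.
    quarantine.mkdir(parents=True, exist_ok=True)
    dest = quarantine / f"{secrets.token_hex(16)}{ext}"
    dest.write_bytes(data)
    dest.chmod(0o640)  # readable by the application, never executable
    return dest
```

The magic-byte check does not make a file safe to serve by itself; keeping uploads out of the web root and disabling script execution in any media directory are what prevent an accepted file from being requested directly.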

#################################################################################################

# Example Vulnerable Sites :

[+] istdiploma.edu.bd/site/admission => [ Proof of Concept for Vulnerability ] => archive.fo/VCfnk

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
