# Exploit Title: SQL Injection in “ EduWeb Portal “ #----------------------------------------------------------------------------------------- # Exploit Author: Mehdi Razmjoo ( razmjumehdi@gmail.com ) #----------------------------------------------------------------------------------------- # Date: 2018.08.28 #----------------------------------------------------------------------------------------- # Vendor Homepage: http://www.myschoolinfo.in #----------------------------------------------------------------------------------------- # Category: Web Application #----------------------------------------------------------------------------------------- # Dork: — #----------------------------------------------------------------------------------------- # Vulnerability Path: http://Server/photo-gallery.php?Id=[SQLi] #----------------------------------------------------------------------------------------- #Tested On: Kali 2018 #----------------------------------------------------------------------------------------- #