#################################################################################################
# Exploit Title : Design and Developed by TechSparkIT Limited Bangladesh Education Unauthorized Insert File Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : techsparkit.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Design and Developed by : TechSparkIT Ltd.'' site:edu.bd
intext:''Design and Developed By : TechSparkIT Limited'' site:edu.bd
intext:''Powered by : TechSparkIT Ltd.'' site:edu.bd
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
#################################################################################################
# Admin Panel Login Path :
/backend/web/login
/login
# Exploit :
/site/admission
+ Fill in the Online Student Submission Form with random but valid values.
+ After the form and the attached file are submitted, the site responds:
+ Thank You ! Your application is now waiting for admin approval. You will get a sms after final approval.
+ The response does not say where the file was stored. Look for it under the directory file paths below.
# Directory File Path :
/media/student/TARGETDOMAIN.edu.bd/[RANDOM-NUMBERS]_[YOURFILENAME.gif]
/media/father/[RANDOM-NUMBERS]_[YOURFILENAME.gif]
/media/mother/[RANDOM-NUMBERS]_[YOURFILENAME.gif]
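Added example (not part of the original advisory or the vendor's code): a defender-side audit of the upload directories listed above that flags stored files whose extension or content is not a genuine image. The image-only allowlist and the web_root argument are assumptions.

```python
import os
import re

# Upload directories named in the advisory, relative to the web root.
MEDIA_DIRS = ("media/student", "media/father", "media/mother")

# Assumption: the admission form is meant to accept photos only.
# Maps allowed extension -> accepted leading magic bytes.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# Stored names follow [RANDOM-NUMBERS]_[original filename].
STORED_NAME = re.compile(r"^\d+_(?P<orig>.+)$")


def classify(path):
    """Return None if the file looks like a genuine image, else a reason string."""
    name = os.path.basename(path)
    m = STORED_NAME.match(name)
    orig = m.group("orig") if m else name
    parts = orig.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in IMAGE_MAGIC:
        return "extension not in image allowlist: %r" % ext
    # Names with several dots deserve a manual look; some server configs
    # act on an inner extension rather than the last one.
    if len(parts) > 2:
        return "multiple extensions in original name"
    with open(path, "rb") as fh:
        head = fh.read(16)
    if not head.startswith(IMAGE_MAGIC[ext]):
        return "content does not match %s signature" % ext
    return None


def audit_media(web_root):
    """Walk the advisory's upload directories and list suspicious files."""
    findings = []
    for rel in MEDIA_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(web_root, rel)):
            for fname in sorted(files):
                full = os.path.join(dirpath, fname)
                reason = classify(full)
                if reason:
                    findings.append((os.path.relpath(full, web_root), reason))
    return findings
```

Run audit_media() against the site's document root; each finding is a (relative path, reason) pair to review and remove before tightening the upload handler itself.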
#################################################################################################
# Example Vulnerable Sites :
[+] istdiploma.edu.bd/site/admission => [ Proof of Concept for Vulnerability ] => archive.fo/VCfnk
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################