# Exploit Title: SQL Injection in “ EduWeb Portal “ #----------------------------------------------------------------------------------------- # Exploit Author: Mehdi Razmjoo ( razmjumehdi@gmail.com ) #----------------------------------------------------------------------------------------- # Date: 2019.06.03 #----------------------------------------------------------------------------------------- # Vendor Homepage: http://www.myschoolinfo.in #----------------------------------------------------------------------------------------- # Category: Web Application #----------------------------------------------------------------------------------------- # Dork: — #----------------------------------------------------------------------------------------- # Vulnerability Path: http://server/photo-gallery.php?Id=[SQLi] #----------------------------------------------------------------------------------------- #Tested On: Kali 2019.2 #----------------------------------------------------------------------------------------- #