提出 #635801: Portabilis i-Educar 2.10 SQL Injection情報

タイトル	Portabilis i-Educar 2.10 SQL Injection
説明	SQL Injection (Boolean-Based) Vulnerability in id Parameter on /RegraAvaliacao/view?id=[id] Endpoint Summary A SQL Injection vulnerability was identified in the /module/RegraAvaliacao/view?id=[id] endpoint of the i-educar application, specifically in the id parameter. This vulnerability allows attackers to execute arbitrary SQL commands on the backend database, potentially compromising the confidentiality, integrity, and availability of application data. Details Vulnerable Endpoint: /module/RegraAvaliacao/view?id=[id] Parameter: id The application fails to properly validate and sanitize user input in the id parameter. As a result, attackers can inject crafted SQL payloads that are executed directly by the database. This could allow database enumeration, data exfiltration, modification, or denial of service via time-based delays. PoC Step by Step: Install sqlmap tool and type the command below: Payload: sqlmap -u "http://localhost:8086/module/RegraAvaliacao/view?id=1" -p id --cookie="i_educar_session=qEk2wbjxS5IbECJGqnIa0dbmIyI3XIsXqm3WSh6K" \ --dbms=PostgreSQL --technique=B --dbs --batch sqlmap begins to test a lot of SQLi in id parameter until find a boolean-based blind: image 1: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi6.png Some time after, sqlmap will list of available databases confirming that SQLi: image 2: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi7.png Still using sqlmap and discovering tables and columns it becomes possible to enumerate this information: image 3: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi8.png Impact Unauthorized data access: Reading sensitive information such as credentials, personal data, or configuration details Database enumeration: Extracting database schema, tables, and column details Data manipulation: Adding, modifying, or deleting database records. Denial of Service (DoS): Using time-based queries to impact system availability. Potential escalation to RCE: If combined with other vulnerabilities and specific database features. Finder Discovered by Karina Gante.
ソース	⚠️ https://github.com/KarinaGante/KGSec/blob/main/CVEs/i-educar/12.md
ユーザー	karinagante (UID 88113)
送信	2025年08月16日 01:12 (10 月 ago)
モデレーション	2025年08月27日 09:34 (11 days later)
ステータス	承諾済み
VulDBエントリ	321551 [Portabilis i-Educar 迄 2.10 /RegraAvaliacao/view 識別子 SQLインジェクション]
ポイント	20

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!