Engineers Online Portal 1.0 SQL Injection

Type packetstorm
Reporter nu11secur1ty
Modified 2021-10-18T00:00:00


`# Exploit Title: Engineers Online Portal 1.0 is vulnerable to three types of SQL injection attacks.  
# Author: nu11secur1ty  
# Testing and Debugging: nu11secur1ty  
# Date: 10.13.2021  
# Vendor:  
# Link:  
[+] Exploit Source:  
[+] Description:  
The id parameter of my_classmates.php in the Engineers Online Portal app  
appears to be vulnerable to three types of SQL injection  
attacks: boolean-based blind, error-based, and UNION query.  
The payload '+(select load_file('\\ggc'))+'  
was submitted in the id parameter.  
This payload injects a SQL sub-query that calls MySQL's load_file function  
with a UNC file path that references a URL on an external domain.  
The application interacted with that domain, indicating that the injected  
SQL query was executed.  
The user login is also vulnerable to an SQL injection authentication  
bypass through the "username" parameter.
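
For defenders, a log check for the id parameter pattern described above. This is an added example, not code from the advisory or from the Engineers Online Portal project. The log lines are constructed, the combined access-log format is an assumption, and the function names are hypothetical; the second sample line carries the advisory's payload URL-encoded.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format assumed); not from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Oct/2021:10:01:02 +0000] "GET /my_classmates.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [13/Oct/2021:10:02:10 +0000] "GET /my_classmates.php'
    '?id=%27%2B(select%20load_file(%27%5C%5Cggc%27))%2B%27 HTTP/1.1" 200 4980',
    '198.51.100.23 - - [13/Oct/2021:10:03:44 +0000] "GET /my_classmates.php?id=12%27 HTTP/1.1" 500 310',
    '203.0.113.5 - - [13/Oct/2021:10:04:00 +0000] "GET /search.php?q=select+courses HTTP/1.1" 200 900',
]

# Request line inside one access-log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# load_file( called on a UNC path (two leading backslashes): the out-of-band pattern.
OOB_RE = re.compile(r"load_file\s*\(\s*['\"]?\\\\", re.IGNORECASE)
# Quote characters or SQL keywords that have no place in an identifier value.
SQLI_RE = re.compile(r"['\"]|\b(?:union|select)\b", re.IGNORECASE)


def classify(value):
    """Return 'oob-load_file', 'sqli-syntax' or None for one decoded parameter value."""
    if OOB_RE.search(value):
        return "oob-load_file"
    if SQLI_RE.search(value):
        return "sqli-syntax"
    return None


def scan(lines, param="id"):
    """Return (client_ip, path, verdict) for requests whose `param` value looks injected."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        url = urlsplit(m.group("target"))
        # parse_qsl percent-decodes values, so encoded payloads are matched too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            verdict = classify(value) if name == param else None
            if verdict:
                findings.append((m.group("ip"), url.path, verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

An "oob-load_file" hit is worth correlating with outbound SMB or DNS traffic from the database host, since the advisory confirmed execution through that external interaction.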