Vendor: Online Examination System
By: Ali Ghanbari
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Online Examination System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:onlinefreeprojectdownload:online_examination_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016

Online examination system 1.0 – SQL Injection

An attacker can inject malicious SQL queries into the vulnerable parameter 'subid' of the 'showtest.php' script, which can be used to access or modify the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
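
One way to apply this mitigation to the `subid` parameter, as an added example that is not the vendor's code or part of the original advisory. The table and column names (`tests`, `sub_id`, `test_name`), the helper function names and the in-memory SQLite database are assumptions made so it runs offline; it pairs integer validation with a bound query parameter, which goes one step beyond validation alone.

```php
<?php
declare(strict_types=1);

// Added example, not the vendor's code. Schema and helper names are assumptions.

/** Returns the subject id as a positive int, or null when the input is not one. */
function parseSubId(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (subid[]=...) and missing values are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Fetches tests for one subject; the value is bound, so it never becomes SQL text. */
function testsForSubject(PDO $db, int $subId): array
{
    $stmt = $db->prepare('SELECT test_id, test_name FROM tests WHERE sub_id = :sub_id');
    $stmt->bindValue(':sub_id', $subId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tests (test_id INTEGER PRIMARY KEY, sub_id INTEGER, test_name TEXT)');
$db->exec("INSERT INTO tests (sub_id, test_name) VALUES (1, 'Algebra quiz'), (2, 'History quiz')");

// Constructed request values standing in for $_GET['subid'].
foreach (['1', '2', '1abc', '-5', '', ['1']] as $raw) {
    $subId = parseSubId($raw);
    if ($subId === null) {
        // A real handler would answer with HTTP 400 and stop here.
        echo 'rejected: ' . json_encode($raw) . PHP_EOL;
        continue;
    }
    echo "subid=$subId: " . json_encode(testsForSubject($db, $subId)) . PHP_EOL;
}
```

Against MySQL, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements instead of client-side emulation.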

Exploit-DB raw data:

# Exploit Title: Online examination system 1.0 - SQL Injection
# Google Dork: inurl:showtest.php?subid=
# Date: 2016/06/05
# Exploit Author: Ali Ghanbari
# Vendor Homepage: http://www.onlinefreeprojectdownload.com
# Software Link: http://www.onlinefreeprojectdownload.com/download.php?name=projects/php%20projects/Online_exam.zip
# Version: 1.0

#Exploit:

http://localhost/{PATH}/showtest.php?subid=[SQL Injection]

#Admin Panel:

http://localhost/{PATH}/admin

####################################

[+]Exploit by: Ali Ghanbari

[+]My Telegram :@Exploiter007