vendor:
Online Grading System
by:
Ruchi Tiwari
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Online Grading System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:online_grading_system:1.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
2021
Online Grading System 1.0 – ‘uname’ SQL Injection
This exploit is a SQL injection vulnerability in the 'uname' parameter of the Online Grading System 1.0. An attacker can send a malicious request to the login page of the application with a crafted 'uname' parameter that contains a malicious SQL query. This query will cause the application to sleep for 20 minutes, resulting in a denial of service.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
