Monday, October 18, 2021

Engineers Online Portal 1.0 SQL Injection

# Exploit Title: Engineers Online Portal 1.0 is vulnerable to three types
of SQL injection attacks.
# Author: nu11secur1ty
# Testing and Debugging: nu11secur1ty
# Date: 10.13.2021
# Vendor:
# Link:

[+] Exploit Source:

[+] Description:
The id parameter from my_classmates.php on the Engineers Online Portal app
appears to be vulnerable to three types of SQL injection
attacks, boolean-based blind, error-based, and UNION query.
The payload '+(select load_file('\\ggc'))+'
was submitted in the id parameter.
This payload injects a SQL sub-query that calls MySQL's load_file function
with a UNC file path that references a URL on an external domain.
The application interacted with that domain, indicating that the injected
SQL query was executed.
Also, user login is vulnerable to SQL-Injection bypass authentication on
parameter "username".


Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore