Alumni Management System version 1.0 suffers from a remote blind SQL injection vulnerability. SQL injection was originally discovered in this version in October of 2020 by Ankita Pal.
fef7141bf84194bd470eacd0ad41c8025ad2258f7e132d01bdb00de6ea54475a# Exploit Title: Blind SQL injection on Alumni Management System # Date: 23/10/2020
# Exploit Author: Valerio Alessandroni
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-s ource-code.html
# Version: 1.0
# Tested on: ubuntu 18.04
# CVE : CVE-2020-28070
# Description:
Blind SQL injection vulnerability on Alumni Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the "id" GET parameter through the page view_event.php on line 4.
# Reproduction:
Just visit the page and replace "id" get parameter with the SQL code to exploit this Blind SQL Injection
Example: http://127.0.0.1/index.php?page=view_event&id=[SQL]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed