[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Online-Exam-System 2015 - (fid) SQL Injection Vulnerability

Author
Berk Dusunur
Risk
[
Security Risk High
]
0day-ID
0day-ID-34493
Category
web applications
Date add
29-05-2020
Platform
php
# Exploit Title: Online-Exam-System 2015 - 'fid' SQL Injection
# Exploit Author: Berk Dusunur
# Vendor Homepage: https://github.com/sunnygkp10/
# Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git
# Affected Version: 2015
# Tested on: MacosX
# CVE : N/A

# PoC

Affected code

<?php if(@$_GET['fid']) {
echo '<br />';
$id=@$_GET['fid'];
$result = mysqli_query($con,"SELECT * FROM feedback WHERE id='$id' ") or
die('Error');

http://berklocal/dash.php?fid=SQL-INJECTION

#  0day.today [2024-12-25]  #