Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Alumni Management System 1.0 Blind SQL Injection

Related Vulnerabilities: CVE-2020-28070  
Publish Date: 17 Dec 2020
Author: Valerio Alessandroni
Source 
                							

                # Exploit Title: Blind SQL injection on Alumni Management System # Date: 23/10/2020
# Exploit Author: Valerio Alessandroni
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-s ource-code.html
# Version: 1.0
# Tested on: ubuntu 18.04
# CVE : CVE-2020-28070
# Description:
Blind SQL injection vulnerability on Alumni Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the "id" GET parameter through the page view_event.php on line 4.
# Reproduction:
Just visit the page and replace "id" get parameter with the SQL code to exploit this Blind SQL Injection
Example: http://127.0.0.1/index.php?page=view_event&id=[SQL]

<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started