Hello everyone, I am Rahul Bogar. In this writeup I will explain how I found a SQL injection (SQLi) in an educational website.
Let's begin.
I was testing an educational website where I found an endpoint, down.html, where a student has to enter their university number to download fee receipts. I searched online for the college and found the university numbers of its top students, which I used to download the receipts.
After entering the university number I could see the student's fee history. I clicked one receipt number, which opened a URL with a parameter:
?no=52
So I put special characters into the parameter to see how the page responded, and got a MySQL error when using an apostrophe (').
After getting this error I didn't waste any time: I used sqlmap to automate the task, dumped the database and got the students' PII.
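To show what is going on behind the two observations above (an apostrophe producing a database error, and a dump of other students' records from the same parameter), here is an added example that is not code from the site or from the original writeup. It uses an in-memory SQLite database as a stand-in for the site's MySQL backend, with a constructed `receipts`/`students` schema that is an assumption, and contrasts a handler that pastes `?no=` into the query string with one that validates the value and binds it as a parameter.

```python
import sqlite3

# Constructed sample data standing in for the receipts database. The schema and
# values are assumptions for this example, not the real site's.
def make_db():
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE receipts (no INTEGER PRIMARY KEY, univ_no TEXT, amount INTEGER)")
    cur.execute("CREATE TABLE students (univ_no TEXT PRIMARY KEY, name TEXT, phone TEXT)")
    cur.executemany("INSERT INTO receipts VALUES (?, ?, ?)",
                    [(52, "U1001", 45000), (53, "U1002", 47000)])
    cur.executemany("INSERT INTO students VALUES (?, ?, ?)",
                    [("U1001", "Student A", "9000000001"),
                     ("U1002", "Student B", "9000000002")])
    conn.commit()
    return conn

def receipt_vulnerable(conn, no):
    # Assumed shape of the vulnerable handler: the ?no= value is pasted straight
    # into the SQL text, so a quote in the value becomes a quote in the query.
    sql = f"SELECT no, univ_no, amount FROM receipts WHERE no = '{no}'"
    return conn.execute(sql).fetchall()

def receipt_safe(conn, no):
    # Hardened form: reject anything that is not a plain integer, then send the
    # value as a bound parameter so it can never be parsed as SQL.
    if not str(no).isdigit():
        return []
    return conn.execute(
        "SELECT no, univ_no, amount FROM receipts WHERE no = ?", (int(no),)
    ).fetchall()

def probe(conn, handler, value):
    """Return ('ok', rows) or ('error', message): what a tester sees in the page
    when trying a value in the parameter."""
    try:
        return ("ok", handler(conn, value))
    except sqlite3.Error as exc:
        return ("error", str(exc))

# The single apostrophe that produced the database error on the real site.
ERROR_PROBE = "52'"

# A UNION-based payload of the kind sqlmap builds once it has confirmed the
# injection: closes the string, appends a SELECT of the same column count from
# another table, and comments out the trailing quote.
DUMP_PAYLOAD = "52' UNION ALL SELECT univ_no, name, phone FROM students-- "

if __name__ == "__main__":
    db = make_db()
    for label, value in (("normal", "52"), ("apostrophe", ERROR_PROBE), ("union", DUMP_PAYLOAD)):
        print(f"[vulnerable] {label}: {probe(db, receipt_vulnerable, value)}")
        print(f"[safe]       {label}: {probe(db, receipt_safe, value)}")
```

Running it shows the vulnerable handler raising a syntax error for the apostrophe and returning every student's name and phone for the UNION payload, while the hardened handler returns the receipt for `52` and an empty result for both malicious values, with no error message that would tell a tester anything about the backend.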
I tried sqlmap's os-shell as well, but the database user didn't have permission to write files (the MySQL FILE privilege it needs).
That's it. Thank you.