关联漏洞
标题:
N/A
(CVE-2024-57401)
描述:在(Uniclare Student portal v.2 及其之前版本)中存在的SQL注入漏洞,使得远程攻击者能够通过“Forgot Password”(忘记密码)功能执行任意代码。
介绍
# CVE-2024-57401: Time-Based SQL Injection in Uniclare Student Portal v2
## Description
A time-based SQL injection vulnerability has been discovered in version 2 of the Uniclare Student Portal. This vulnerability allows an attacker to inject malicious SQL queries into the application, potentially granting unauthorized access to sensitive data, including student records, financial information, and administrative credentials. This vulnerability can be exploited even with limited privileges.
## Impact
Successful exploitation of this vulnerability could lead to:
* **Data Breach:** Unauthorized access and exfiltration of sensitive student and institutional data.
* **Account Takeover:** Compromise of student, faculty, and administrative accounts.
* **System Compromise:** Potential for further attacks and compromise of the underlying server infrastructure.
* **Reputational Damage:** Loss of trust in the institution and damage to its reputation.
## Affected Version
Uniclare Student Portal version 2.
## Credits
Vulnerability discovered by Ayush Kumar.
## Contact
* LinkedIn: https://www.linkedin.com/in/ayush92/
---
文件快照
[4.0K] /data/pocs/ff74c1a0026d691d42f7114ddafaf4ef9ecb609b
├── [1.1K] README.md
└── [2.5M] Uniclare_Student_portal_V.2.pdf
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。