关联漏洞
Description
Uniclare Student Portal is an online platform providing students access to academic resources and administrative functions, including grades, course materials, assignment submission, instructor communication, class registration, and personal information management. It streamlines processes and enhances the student experience.
介绍
# CVE-2024-57401: Time-Based SQL Injection in Uniclare Student Portal v2
## Description
A time-based SQL injection vulnerability has been discovered in version 2 of the Uniclare Student Portal. This vulnerability allows an attacker to inject malicious SQL queries into the application, potentially granting unauthorized access to sensitive data, including student records, financial information, and administrative credentials. This vulnerability can be exploited even with limited privileges.
## Impact
Successful exploitation of this vulnerability could lead to:
* Data Breach: Unauthorized access and exfiltration of sensitive student and institutional data.
* Account Takeover: Compromise of student, faculty, and administrative accounts.
* System Compromise: Potential for further attacks and compromise of the underlying server infrastructure.
* Reputational Damage: Loss of trust in the institution and damage to its reputation.
## Affected Version
Uniclare Student Portal version 2.
## Credits
Vulnerability discovered by sanchit Sahni.
## Contact
* LinkedIn: https://www.linkedin.com/in/sanchitsahni07/
---
文件快照
[4.0K] /data/pocs/c59569f4f06d7f0fb0ccd9ee80298a6959e6662b
├── [1.1K] README.md
└── [2.9M] Uniclare Student Portal v2.pdf
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。