Message-ID: <CAJanCZTNtZDubDDoQavAMfL_F43FNCrXiio+R3yOiYgxUnL-wA@mail.gmail.com>
Date: Fri, 30 May 2025 22:58:18 +0530
From: Sanjay Singh <sanjay70023@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0

Hello Full Disclosure list,
I am sharing details of a newly assigned CVE affecting an open-source
educational software project:

------------------------------------------------------------------------
CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP
Project v1.0
------------------------------------------------------------------------

Product: CloudClassroom PHP Project
Vendor: https://github.com/mathurvishal/CloudClassroom-PHP-Project
Affected Version: v1.0
Vulnerability Type: SQL Injection
Attack Type: Remote
CVE ID: CVE-2025-45542
Discoverer: Sanjay Singh

Vulnerability Details:
A time-based blind SQL injection vulnerability exists in the
`registrationform` endpoint of CloudClassroom-PHP-Project v1.0. The `pass`
parameter is not properly sanitized, allowing an unauthenticated remote
attacker to manipulate backend SQL logic and potentially extract sensitive
information.

Proof of Concept:
The vulnerability can be exploited using a POST request with a crafted
payload like:
`'XOR(if(now()=sysdate(),sleep(6),0))XOR'`

Impact:
Successful exploitation allows for:
- Arbitrary SQL execution
- Potential information disclosure
- Authentication bypass under certain conditions

Recommended Mitigations:
- Use prepared statements with parameterized queries
- Sanitize input with `mysqli_real_escape_string()` or similar
- Implement a Web Application Firewall (WAF)
- Enforce least privilege on the application’s DB user

References:
- GitHub: https://github.com/mathurvishal/CloudClassroom-PHP-Project
- Exploit-DB Submission (pending approval)
- GHDB Dork (submitted): `inurl:"CloudClassroom-PHP-Project-master" intitle:"Cloud Classroom"`

I have also submitted this to Exploit-DB and the Google Hacking Database to
assist defenders and researchers.

Attached is a detailed advisory in plain text format.

Regards,
Sanjay Singh
https://www.linkedin.com/in/sanjay70023
https://gist.github.com/sanjay70023/63e9c32e49a0760eaa6b9e2a8ba8c966
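
The first and last items of the Recommended Mitigations list, sketched as an added example; this is not code from the CloudClassroom project or from the advisory's author. The function name, the `students` table and its columns, the `cc_app` database account, the `cloudclassroom` schema and the `CC_DB_PASS` environment variable are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration: hypothetical registration handler, NOT the project's code.
// Assumed names: students table, name/email/pass_hash columns, cc_app DB user,
// cloudclassroom schema, CC_DB_PASS environment variable.

// Throw exceptions on DB errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_student(mysqli $db, array $post): bool
{
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $pass  = (string)($post['pass'] ?? '');

    // Reject malformed input early; this is validation, not the SQLi defence.
    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || strlen($pass) < 8) {
        return false;
    }

    // Vulnerable pattern, for contrast: request data concatenated into SQL text,
    // so a quote in `pass` ends the string literal and the rest runs as SQL:
    //   $db->query("INSERT INTO students ... VALUES ('$name', '$email', '$pass')");

    // Store a hash; the raw `pass` value never reaches the database.
    $hash = password_hash($pass, PASSWORD_DEFAULT);

    // Hardened: placeholders keep request data out of the SQL grammar entirely.
    $stmt = $db->prepare(
        'INSERT INTO students (name, email, pass_hash) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $name, $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Connect as an account granted only what registration needs.
    $db = new mysqli('localhost', 'cc_app', getenv('CC_DB_PASS') ?: '', 'cloudclassroom');
    $db->set_charset('utf8mb4');
    http_response_code(register_student($db, $_POST) ? 201 : 400);
}
```

With bound parameters the server parses the statement before any request data arrives, so a value such as the payload quoted in the Proof of Concept is handled as an ordinary string and no `sleep()` call is evaluated.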
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/