This critical flaw stemmed from improper sanitization of user-supplied input. Attackers could inject malicious SQL queries into application parameters, such as the `id` parameter in `index.php`.
This allowed them to bypass authentication and extract sensitive information from the underlying database. Compromised data included student records, teacher details, grades, schedules, and potentially user credentials.
Beyond data theft, attackers could manipulate or delete records, leading to data integrity issues. The vulnerability posed a significant risk to the privacy and security of educational institutions and their users. Addressing such flaws typically involves implementing parameterized queries or prepared statements, which bind user input as data so the database never parses it as SQL.
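The fix described above, as an added example (not code from the advisory or from DuClassmate): Python with an in-memory SQLite database stands in for the ASP application, showing the concatenated query beside its parameterized form. The table, column and function names and the sample rows are hypothetical; only the `iState` parameter name comes from the advisory.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is hypothetical, not DuClassmate's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE classmates (name TEXT, state TEXT, city TEXT)")
    db.executemany(
        "INSERT INTO classmates VALUES (?, ?, ?)",
        [("Ann", "TX", "Austin"), ("Bob", "CA", "Fresno"), ("Cy", "NY", "Albany")],
    )
    return db

def search_concatenated(db, i_state):
    # Vulnerable pattern: the request value is spliced into the SQL text,
    # so a quote character in it changes the structure of the statement.
    sql = "SELECT name FROM classmates WHERE state = '" + i_state + "'"
    return sorted(row[0] for row in db.execute(sql))

def search_parameterized(db, i_state):
    # Hardened pattern: the SQL text is constant and the value is bound
    # separately, so it is only ever compared against the state column.
    sql = "SELECT name FROM classmates WHERE state = ?"
    return sorted(row[0] for row in db.execute(sql, (i_state,)))

def run_both(db, i_state):
    # Returns what each query style does with the same request value.
    # A SQL syntax error from the concatenated form is reported as "error";
    # such errors in application logs are a common sign of injectable input.
    try:
        concatenated = search_concatenated(db, i_state)
    except sqlite3.OperationalError:
        concatenated = "error"
    return {"concatenated": concatenated,
            "parameterized": search_parameterized(db, i_state)}

if __name__ == "__main__":
    db = make_db()
    # Constructed request values: a normal one, one that rewrites the
    # WHERE clause, and one with an unbalanced quote.
    for value in ("TX", "x' OR '1'='1", "TX'"):
        print(repr(value), run_both(db, value))
```
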
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=59
#-----------------------------------------------------------
#Software: DuClassmate
#Method: SQL Injection
#Vendor: http://www.duware.com/
#
#PoC:
#http://target/default.asp?iState=[SQL Injection]
#http://target/default.asp?iCity=[SQL Injection]
#
#Contact: