Shawon100 RUET OJ SQL Injection Vulnerability in description.php

A SQL injection vulnerability has been identified in the Shawon100 RUET OJ application, specifically in versions up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. The issue arises from an unknown processing of the 'ID' parameter in the 'description.php' file, allowing remote attackers to manipulate the argument and execute SQL injection attacks. This vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability allows for time-based blind SQL injection, where an attacker can manipulate database queries and potentially extract sensitive information from the database. The vulnerability could be exploited to dump the entire database.

Reproduction

To reproduce this vulnerability, authenticate into the application and navigate to 'description.php'. Pass a payload in the 'id' parameter that exploits the SQL injection vulnerability, such as one that includes a time-based delay, indicating successful exploitation. This vulnerability can also be automated using SQLMap.