CVE-2021-46086
📋 TL;DR
xzs-mysql online examination system versions t3.4.0 and above have an insecure permissions vulnerability in the exam paper submission function. Attackers can modify parameters in HTTP requests to manipulate or destroy real examination data. This affects all users running vulnerable versions of this open-source system.
💻 Affected Systems
- xzs-mysql online examination system
📦 What is this software?
Xzs Mysql by Mindskip
⚠️ Risk & Real-World Impact
Worst Case
Complete destruction or manipulation of all examination data, rendering the system unusable and compromising academic integrity.
Likely Case
Selective manipulation or deletion of examination results, potentially affecting specific users or exams.
If Mitigated
No impact if proper input validation and authorization checks are implemented.
🎯 Exploit Status
Exploitation requires modifying HTTP parameters using tools like Burp Suite, but does not require authentication bypass.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check GitHub repository for latest patched version
Vendor Advisory: https://github.com/mindskip/xzs-mysql/issues/327
Restart Required: Yes
Instructions:
1. Check the current version.
2. Update to the latest version from the GitHub repository.
3. Restart the application server.
4. Verify the fix by testing parameter manipulation attempts against the exam submission endpoints.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side validation of all exam submission parameters in the exam submission handler, including checking that the submitted paper and user belong to the authenticated session.
Web Application Firewall
Deploy a WAF to detect and block parameter manipulation attempts, with rules that monitor the exam submission endpoints for unusual parameter modifications.
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all exam submission endpoints
- Deploy network segmentation to isolate the examination system from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Test if modifying parameters in exam submission requests results in unauthorized data changes
Check Version:
Check application version in admin panel or configuration files
Verify Fix Applied:
Attempt to modify parameters in exam submission requests and verify they are rejected or properly validated
📡 Detection & Monitoring
Log Indicators:
- Unusual parameter values in exam submission logs
- Multiple failed validation attempts for exam submissions
Network Indicators:
- HTTP requests with modified parameters to exam submission endpoints
- Unusual traffic patterns during exam periods
SIEM Query:
source="web_logs" AND (uri="/exam/submit" OR uri="/paper/submit") AND (param_modification=true OR validation_failure=true)
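As an added illustration of the log indicators and the SIEM query above (example code written here, not part of the advisory or the xzs-mysql project), the script below scans constructed access-log lines for submissions to the page's two endpoints whose parameters do not match the authenticated session. The JSON log layout, the `session_user` field, the `userId`/`paperId` parameter names and the paper-assignment table are all assumptions.

```python
import json

# Endpoints named on the page; log field names and parameter names are assumptions.
SUBMIT_URIS = {"/exam/submit", "/paper/submit"}
# Constructed paper assignments: paper id -> user id allowed to submit it.
ASSIGNMENTS = {101: 7, 102: 8, 103: 7}

def classify(entry):
    """Return None if a submission is consistent with its session, else a reason."""
    if entry.get("uri") not in SUBMIT_URIS:
        return None
    params, session_user = entry.get("params", {}), entry.get("session_user")
    # A userId parameter that differs from the authenticated user is the core signal.
    if "userId" in params and str(params["userId"]) != str(session_user):
        return "param userId differs from session user"
    # The paper being submitted must be one assigned to the session user.
    try:
        paper = int(params.get("paperId", ""))
    except ValueError:
        return "malformed paperId"
    if ASSIGNMENTS.get(paper) != session_user:
        return "paperId not assigned to session user"
    return None

def scan(lines):
    """Return [(line_no, reason)] for every suspicious submission in the log."""
    hits = []
    for n, line in enumerate(lines, 1):
        if line.strip():
            reason = classify(json.loads(line))
            if reason:
                hits.append((n, reason))
    return hits

# Constructed log sample: one JSON object per line, session user resolved by the proxy.
SAMPLE_LOG = """\
{"session_user": 7, "uri": "/exam/submit", "params": {"userId": "7", "paperId": "101"}}
{"session_user": 7, "uri": "/exam/submit", "params": {"userId": "8", "paperId": "102"}}
{"session_user": 8, "uri": "/paper/submit", "params": {"userId": "8", "paperId": "103"}}
{"session_user": 8, "uri": "/exam/list", "params": {"userId": "7"}}
{"session_user": 7, "uri": "/paper/submit", "params": {"userId": "7", "paperId": "abc"}}
"""

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG.splitlines()):
        print(f"line {n}: {reason}")
```

Lines 2, 3 and 5 of the sample are flagged (user mismatch, paper not assigned, malformed id); the non-submission request on line 4 is ignored even though its `userId` differs.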