PHP Timeclock SQL Injection Vulnerability in login.php
Vulnerability
A SQL injection vulnerability has been identified in PHP Timeclock version 1.04. It exists in the login_userid parameter of login.php and allows unauthenticated attackers to perform time-based and boolean-based blind SQL injection. Exploiting it lets an attacker extract sensitive database information, including employee names and credentials. The issue arises because the login_userid value submitted in the POST request is incorporated into a SQL query without proper sanitization or parameterization, so SQL included in that value is executed by the database.
Impact
Exploitation of this vulnerability allows for time-based and boolean-based blind SQL injection, enabling attackers to extract database contents. This could include sensitive information such as employee names and credentials.
Reproduction
The vulnerability can be reproduced by sending crafted POST requests to login.php with SQL payloads in the login_userid parameter. For time-based blind SQL injection, the payload can include a SLEEP function to delay the response, indicating successful exploitation. For boolean-based blind SQL injection, the payload can use RLIKE conditional statements to create a true or false response based on the injected SQL logic.
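To illustrate the root cause and its remediation, here is an added example that is not PHP Timeclock's own code: a hypothetical login lookup that concatenates login_userid into the query, beside the same lookup written with a prepared statement. The table and column names, the password_hash column and the database connection details are all assumptions.

```php
<?php
// Added illustration, not the PHP Timeclock source. The employees table, its
// user_id and password_hash columns and the mysqli connection are assumed.

// Vulnerable pattern: the POST value becomes part of the SQL text, so a value
// containing a quote followed by SQL (a SLEEP() call, an RLIKE condition) is
// no longer compared as data but changes the query the database executes.
function find_user_vulnerable(mysqli $db, string $login_userid): ?array
{
    $sql = "SELECT user_id, password_hash FROM employees WHERE user_id = '"
         . $login_userid . "'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// Hardened form: the SQL text is fixed and the value is bound separately, so
// whatever is submitted in login_userid is only ever treated as a string value.
function find_user_safe(mysqli $db, string $login_userid): ?array
{
    $stmt = $db->prepare(
        "SELECT user_id, password_hash FROM employees WHERE user_id = ?"
    );
    $stmt->bind_param('s', $login_userid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Assumed login.php flow: look the user up with the safe function, then verify
// the password against the stored hash instead of putting it into the query.
$login_userid   = $_POST['login_userid'] ?? '';
$login_password = $_POST['login_password'] ?? '';
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'timeclock'); // placeholders
$db->set_charset('utf8mb4');

$user = find_user_safe($db, $login_userid);
if ($user !== null && password_verify($login_password, $user['password_hash'])) {
    // authenticated: start the session here
} else {
    // one generic failure message for unknown user and wrong password alike
    http_response_code(401);
    echo 'Login failed';
}
```

Because the prepared statement never interpolates the value, the SLEEP- and RLIKE-based payloads described above are simply compared against user_id as literal text and match nothing.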
