Prison Management System Using PHP
cpe:2.3:a:prison_management_system_project:prison_management_system:*:*:*:*:*:*:*
A SQL injection vulnerability has been identified in Prison Management System Using PHP version 1.0. The issue arises on the Admin login page, where user input for the username field is not properly sanitized, allowing attackers to manipulate SQL queries and potentially bypass authentication.
Exploiting this vulnerability lets an attacker manipulate the database, extract sensitive information, or bypass authentication. In this case, the vulnerability was exploited to gain unauthorized access to the admin dashboard.
To reproduce this vulnerability, log into the application using the default admin credentials. Once logged in, navigate to the Admin login page. In the username field, enter a crafted SQL injection payload that exploits the application's SQL query handling. Use a password that meets the application's requirements. After submitting the login form, the injection will be processed, and access will be granted to the admin dashboard.
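A mitigation sketch for the login check described above, added here as an example and not taken from the application's source. The `admin` table, its columns and the `admin_login` function are assumptions, and an in-memory SQLite database via PDO is used so the script runs stand-alone.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for illustration; the real application's table and
// column names are not shown on this page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account.
$seed = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (:u, :h)');
$seed->execute([':u' => 'admin', ':h' => password_hash('S3cure-Example!', PASSWORD_DEFAULT)]);

// Pattern that produces this class of bug (do not use): the username is
// concatenated into the SQL text, so quote characters change the query.
//   $sql = "SELECT * FROM admin WHERE username = '" . $_POST['username'] . "' AND ...";

function admin_login(PDO $db, string $username, string $password): bool
{
    // Reject empty, oversized or control-character input before touching the database.
    if ($username === '' || strlen($username) > 64 || preg_match('/[\x00-\x1F]/', $username)) {
        return false;
    }
    // The placeholder keeps the username as a bound value, never as SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false;
    }
    // Compare against a stored hash instead of matching the password in SQL.
    return password_verify($password, $hash);
}

// Constructed inputs: valid login, wrong password, and a username containing
// SQL metacharacters, which is looked up literally and matches no row.
$cases = [
    ['admin', 'S3cure-Example!'],
    ['admin', 'wrong-password'],
    ["o'neil -- test", 'S3cure-Example!'],
];
foreach ($cases as [$user, $pass]) {
    printf("%-16s => %s\n", $user, admin_login($db, $user, $pass) ? 'granted' : 'denied');
}
```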