phpgurukul Student Management System SQL Injection Vulnerability

A blind SQL injection vulnerability has been identified in phpGurukul Student Management System version 1.0. The issue resides in the search functionality within the admin panel, specifically in the 'searchdata' parameter of 'studentms/admin/search.php'. This vulnerability arises from insufficient input sanitization, allowing attackers to inject malicious SQL queries that could be executed by the database. Exploitation of this vulnerability could lead to unauthorized access to the application's database and sensitive information.

Impact

Exploitation of this vulnerability allows for blind SQL injection, where an attacker can manipulate SQL queries and potentially access or modify database information.

Reproduction

To reproduce this vulnerability, send a POST request to 'studentms/admin/search.php' with the 'searchdata' parameter. The injected SQL payload can be crafted to exploit the application's database query handling. After uploading the proof of concept images, the SQL injection can be exploited using SQLMap, a popular penetration testing tool that automates the process of finding and exploiting SQL injection vulnerabilities. SQLMap can be used to extract database information, demonstrating the impact of the vulnerability.