itsourcecode Web-Based Internet Laboratory Management System SQL Injection Vulnerability in Authentication Function

Vulnerability

A time-based blind SQL injection vulnerability has been identified in the Web-Based Internet Laboratory Management System version 1.0, specifically within the User::AuthenticateUser function in login.php. The vulnerability arises because the user_email parameter is inserted directly into an SQL query without proper sanitization or use of prepared statements. This flaw lets remote attackers perform time-based inference attacks against the application to extract sensitive database information such as usernames and password hashes, potentially leading to a complete compromise of user authentication credentials.
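
The fix for the root cause described above is to bind user_email as a query parameter. The following is an added example, not the project's own code: the class is a hypothetical stand-in for User::AuthenticateUser, and the users table, its column names and the in-memory SQLite database are assumptions chosen so the script runs offline.

```php
<?php
// Added example: hypothetical stand-in for User::AuthenticateUser, not the project's code.
// Assumed schema: users(user_email, password_hash). SQLite in memory keeps it offline.
declare(strict_types=1);

final class User
{
    public function __construct(private PDO $db) {}

    // Pattern the advisory describes (do not use): input concatenated into the SQL text.
    //   "SELECT ... FROM users WHERE user_email = '" . $_POST['user_email'] . "'"

    public function authenticateUser(string $email, string $password): bool
    {
        // Defence in depth only: quotes are legal in e-mail addresses, so this
        // check narrows input but is not what prevents injection.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            return false;
        }
        // The placeholder keeps the value out of the SQL text; it is bound as data.
        $stmt = $this->db->prepare(
            'SELECT password_hash FROM users WHERE user_email = :email LIMIT 1'
        );
        $stmt->execute([':email' => $email]);
        $hash = $stmt->fetchColumn();

        // password_verify() checks the password against a password_hash() digest.
        return is_string($hash) && password_verify($password, $hash);
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account.
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

$user = new User($db);
var_dump($user->authenticateUser('alice@example.test', 'correct horse'));
var_dump($user->authenticateUser('alice@example.test', 'wrong'));
// Constructed input containing SQL metacharacters: never becomes part of the query text.
var_dump($user->authenticateUser("alice@example.test' --", 'x'));
```

When the same pattern is used with the PDO MySQL driver, setting PDO::ATTR_EMULATE_PREPARES to false makes the server, not the client library, handle the bound parameter.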

Impact

Exploitation of this vulnerability allows for time-based blind SQL injection, where an attacker can manipulate the user_email parameter to execute arbitrary SQL commands. This could be used to extract data from the database, including sensitive information like user credentials, which could then be used to gain unauthorized access to user accounts.

Reproduction

To reproduce this vulnerability, send a POST request to the login.php page with the user_email parameter. The application will process the request and, due to the lack of input validation, the injected SQL payload will be executed. This can be automated with tools like sqlmap, which can exploit the injection and extract database information.

Added: Sep 17, 2025, 5:03 PM
Updated: Sep 17, 2025, 5:03 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.