itsourcecode Web-Based Internet Laboratory Management System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the Web-Based Internet Laboratory Management System version 1.0. The issue resides in the '/settings/controller.php' file, where user input from the 'action=delete&id=1' parameter is not properly validated or sanitized before being used in SQL queries. This lack of input validation allows attackers to inject malicious SQL code, potentially leading to unauthorized database access, data manipulation, and exposure of sensitive information. The vulnerability can be exploited remotely without any authentication.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to the database, manipulation or deletion of data, and exposure of sensitive information. Such actions could disrupt services and compromise overall system security.

Reproduction

To reproduce this vulnerability, send a GET request to 'settings/controller.php' with the 'action' parameter set to 'delete' and the 'id' parameter set to a value that can be manipulated. The injection can be performed by adding a time-based blind SQL injection payload, such as 'AND (SELECT 2130 FROM (SELECT(SLEEP(5)))tQWF)', which exploits the application's SQL query handling by causing a delay in the response, indicating successful injection.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection vulnerabilities. Additionally, input validation and filtering should be implemented to ensure user input conforms to expected formats. Minimizing database user permissions and conducting regular security audits can further enhance the application's security.