Itsourcecode Online File Management System SQL Injection Vulnerability in Login Processing
Vulnerability
A critical SQL injection vulnerability has been identified in the Itsourcecode Online File Management System version 1.0. The issue arises in '/ajax.php?action=login', where user input in the username field is not properly sanitized before being used in SQL queries. This lack of input validation allows attackers to inject malicious SQL code, bypass authentication mechanisms, and potentially gain unauthorized access to the database. The vulnerability can be exploited remotely, without any authentication requirements.
Impact
Exploitation of this vulnerability allows for SQL injection, which can be used to manipulate database queries. In this case, it leads to authentication bypass, allowing unauthorized access to the application.
Reproduction
To reproduce this vulnerability, navigate to the login page of the Online File Management System. Intercept the login request using a proxy tool, such as Burp Suite. Modify the username parameter to include a SQL injection payload, such as 'aaaaa' OR '1'='1'#', and send the modified request to '/ajax.php?action=login'. This will bypass authentication and grant access to the application.
Remediation
It is recommended to replace the dynamic SQL queries in the affected file with prepared statements (parameterized queries). Additionally, input validation should be enforced for all user-supplied data in the authentication process, and SQL metacharacters should be properly escaped before any database operations.
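The following is an added example of the remediation above, not code from the application or its vendor. The users table, its columns, the login_user() function and the sample account are assumptions, and an in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
// Added example, not the application's code. The users table, its columns,
// login_user() and the sample account are constructed for illustration.

function login_user(PDO $db, $username, $password): ?array
{
    // Validation as defence in depth: only bounded, non-empty strings reach the query.
    if (!is_string($username) || !is_string($password)
        || $username === '' || strlen($username) > 64) {
        return null;
    }
    // Parameterized query: the username travels as a bound value, never as SQL text,
    // so quotes and comment markers inside it cannot alter the statement.
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is checked in PHP against a stored hash, not inside the WHERE clause.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ['id' => (int)$row['id'], 'username' => $row['username']];
}

// Constructed test database (in-memory SQLite; for MySQL, pass a mysql: DSN
// and credentials to PDO instead, the prepare/execute calls stay the same).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: the injection string is looked up as a literal username
// and matches no row, so it is rejected like any unknown account.
$cases = [
    ['alice', 'correct horse'],            // valid login
    ['alice', 'wrong'],                    // wrong password
    ["aaaaa' OR '1'='1'#", 'anything'],    // payload of the form given under Reproduction
    [['array'], 'x'],                      // non-string input
];
foreach ($cases as [$u, $p]) {
    $result = login_user($db, $u, $p);
    printf("%-24s => %s\n", is_string($u) ? $u : gettype($u), $result ? 'authenticated' : 'rejected');
}
```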
