PHPGurukul Human Metapneumovirus Testing Management System SQL Injection Vulnerability in Password Recovery Page

A critical SQL injection vulnerability has been identified in PHPGurukul's Human Metapneumovirus Testing Management System version 1.0. The issue resides in the Password Recovery Page, specifically within the 'password-recovery.php' file. The vulnerability is triggered by manipulating the 'username' parameter, allowing attackers to inject malicious SQL queries. This SQL injection can be exploited remotely, without any authentication, potentially leading to unauthorized access to the database, data modification or deletion, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data modification or deletion, and in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, navigate to the 'password-recovery.php' page. No login or authorization is required. Once on the page, intercept the request using a tool like Burp Suite. The 'username' parameter can then be manipulated to inject SQL payloads. After crafting the injection, the modified request can be sent to the server. The injection can be automated using a tool like SQLMap, which can exploit the vulnerability and extract database information.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection vulnerabilities. Additionally, input validation and filtering should be implemented to ensure user input conforms to expected formats. Minimizing database user permissions and conducting regular security audits can also help mitigate such vulnerabilities.