CloudClassroom-PHP-Project SQL Injection Vulnerability in Admin Login Component
Vulnerability
A critical SQL injection vulnerability has been identified in CloudClassroom-PHP-Project version 1.0, specifically within the loginlinkadmin.php component. The vulnerability arises because the application fails to properly sanitize user input in the admin login form before incorporating it into SQL queries. This oversight allows unauthenticated attackers to inject arbitrary SQL payloads, bypass authentication, and gain unauthorized administrative access. Exploitation involves entering crafted input, such as a SQL injection payload, into the username field, which compromises the login mechanism and could lead to exposure of sensitive backend data.
Impact
Exploitation of this vulnerability allows for full authentication bypass, unauthorized access to admin features, potential data leakage or manipulation through UNION-based SQL injection, and complete compromise of the backend database.
Reproduction
To reproduce this vulnerability, clone the CloudClassroom-PHP-Project repository and host it locally using XAMPP or LAMP. Navigate to the loginlinkadmin.php endpoint. In the admin login form, enter a crafted username payload that exploits the SQL injection vulnerability, such as ' OR '1'='1', along with any value in the password field. This injection bypasses authentication and grants access as the first admin user.
Remediation
It is recommended to replace dynamic SQL queries with prepared statements, perform input validation and sanitization for all user inputs, deploy a Web Application Firewall (WAF) to block known SQL injection patterns, and conduct regular code audits and penetration testing.
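The first remediation item, shown as an added example that is not code from CloudClassroom-PHP-Project: the same username lookup written with string concatenation and with a prepared statement, run against the username payload the advisory describes. The page does not show the project's query, so the `admin` table, its columns, the function names and the use of PDO with an in-memory SQLite database (PHP 8, `pdo_sqlite` enabled) are all assumptions.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database. Table and column names are assumptions,
// not the project's real schema.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
    $ins = $db->prepare('INSERT INTO admin (username, pw_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);
    return $db;
}

// Vulnerable pattern: the username becomes part of the SQL text, so a quote
// in the input changes the WHERE clause itself.
function find_admin_concat(PDO $db, string $user): array|false {
    return $db->query("SELECT id, username, pw_hash FROM admin WHERE username = '$user'")
              ->fetch(PDO::FETCH_ASSOC);
}

// Prepared statement: the input is bound as data and is never parsed as SQL.
function find_admin_prepared(PDO $db, string $user): array|false {
    $stmt = $db->prepare('SELECT id, username, pw_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $user]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Hardened login: bound lookup first, then hash verification in PHP.
function login(PDO $db, string $user, string $pass): bool {
    $row = find_admin_prepared($db, $user);
    return $row !== false && password_verify($pass, $row['pw_hash']);
}

$db = make_db();
$payload = "' OR '1'='1";   // the advisory's example username value

var_dump(find_admin_concat($db, $payload) !== false);   // concatenated lookup
var_dump(find_admin_prepared($db, $payload) !== false); // bound lookup
var_dump(login($db, $payload, 'anything'));             // hardened login, payload
var_dump(login($db, 'admin', 's3cret-demo'));           // hardened login, real credentials
```

The concatenated lookup returns the first admin row for the payload because the WHERE clause is rewritten to an always-true condition; the bound lookup finds no user with that literal name, so the hardened login rejects it while still accepting the real credentials.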
