SourceCodester Online Eyewear Shop SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in SourceCodester Online Eyewear Shop version 1.0. The issue arises in the registration function of the file '/oews/classes/Users.php?f=registration', where the 'id' parameter is manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely without authentication, allowing attackers to access sensitive information from the server.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries to extract, modify, or delete database information. In this case, the vulnerability was exploited to retrieve the database name from an error message, indicating the potential for further database manipulation or data extraction.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/oews/classes/Users.php?f=registration' with a crafted 'id' parameter that includes SQL injection payloads. This can be done using tools like Burp Suite or Postman, by setting the 'Content-Type' to 'multipart/form-data' and including the SQL injection payload in the 'id' field. The response will reveal the injected SQL payload's effect, such as through an error message disclosing database information.