SourceCodester Online Student Clearance System SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in SourceCodester Online Student Clearance System version 1.0. The issue resides in the Admin login.php file, where user input for the username and password fields is directly concatenated into SQL queries without proper validation or escaping. This flaw allows remote attackers to manipulate SQL query structures, potentially leading to unauthorized data access, exposure of sensitive information such as user passwords, and even database corruption or manipulation.

Impact

Exploitation of this vulnerability allows for time-based (blind) SQL injection, where an attacker infers database contents by injecting conditions that make the database pause execution for a specified duration and observing the response delay. This could be used to extract sensitive information, such as user passwords, or to manipulate or corrupt database data.

Reproduction

To reproduce this vulnerability, send a POST request to the Admin login.php file with a SQL payload in the username parameter. For example, use a payload containing a SQL injection vector, such as ' OR '1'='1' --, to bypass authentication. Because the input is neither validated nor escaped, the injected SQL is executed as part of the query. After authentication, the injected payload can be used to extract database information by, for instance, using a UNION SELECT injection to retrieve data from other tables.

Remediation

It is recommended to implement prepared statements so that SQL queries are parameterized and user input is passed to the database as data rather than as part of the query text, which prevents injection attacks regardless of the input's content. Additionally, input validation (for example, an allowlist of permitted username characters) should be applied to sanitize user inputs before processing them. Regular security audits and the use of Web Application Firewalls (WAF) can provide further defense in depth against such vulnerabilities.
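The following is an added example, not code from the SourceCodester project, illustrating the remediation above. It uses Python with an in-memory SQLite database (a constructed stand-in for the application's PHP and MySQL admin table, whose real schema is assumed) to place the concatenated-query pattern the advisory describes beside its prepared-statement replacement, plus a simple allowlist validation for the username field.

```python
import re
import sqlite3

# Constructed sample data: a throwaway in-memory database standing in for the
# application's admin table. The column names are an assumption for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO admin (username, password) VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable pattern described in the advisory: the submitted values are
    spliced straight into the SQL text, so a quote character in the input
    changes the structure of the query instead of being treated as data."""
    sql = (
        "SELECT id FROM admin WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        # A stray quote in legitimate input (e.g. O'Brien) breaks the query entirely.
        return None
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Remediated form: a prepared statement with bound parameters. The values
    are sent separately from the query text, so they can never be parsed as SQL."""
    sql = "SELECT id FROM admin WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Allowlist validation as an additional layer: usernames are limited to a
# conservative character set and length (the policy itself is an assumption).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def username_is_valid(username):
    return USERNAME_RE.fullmatch(username) is not None


def login_hardened(conn, username, password):
    """Validation first, then the parameterized query; either layer alone
    stops the injection, together they give defense in depth."""
    if not username_is_valid(username):
        return None
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    bypass = "' OR '1'='1' --"
    print("concatenated, valid creds:  ", login_concatenated(db, "admin", "S3cret!"))
    print("concatenated, bypass payload:", login_concatenated(db, bypass, "x"))
    print("parameterized, bypass payload:", login_parameterized(db, bypass, "x"))
    print("hardened, bypass payload:    ", login_hardened(db, bypass, "x"))
```

In PHP the same remediation is expressed with PDO::prepare() and bound parameters (or a mysqli prepared statement); the principle is identical, and note that the plaintext password column here exists only to keep the illustration short.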

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.