itsourcecode Gym Management System SQL Injection Vulnerability in ajax.php?action=save_payment

Vulnerability

A critical SQL injection vulnerability has been identified in the itsourcecode Gym Management System version 1.0. The issue resides in the file ajax.php, specifically within the save_payment action. The registration_id parameter is passed into a database query without adequate sanitization, so a remote attacker can manipulate it to inject SQL. This flaw allows remote attackers to access the database, potentially leading to unauthorized data access, data modification, and exploitation of the underlying system.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with database queries. This could result in unauthorized data access, data manipulation, and in some cases, executing administrative operations on the database. Additionally, such vulnerabilities can often be leveraged to execute arbitrary code or cause a denial of service on the application or server.

Reproduction

To reproduce this vulnerability, send a POST request to ajax.php?action=save_payment with the registration_id parameter. Include a payload that exploits time-based blind SQL injection, such as one that uses the SQL SLEEP function to introduce a delay, indicating successful injection. The sqlmap tool can automate this process and confirm the vulnerability.

Remediation

To address this vulnerability, it is recommended to use prepared statements and parameter binding to prevent SQL injection. Additionally, implement strict input validation and filtering to ensure user input conforms to expected formats. Minimizing database user permissions and conducting regular security audits can further enhance the application's security.
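
One way to apply the prepared-statement and input-validation advice to a save_payment handler, shown as an added example and not the project's own code. The table and column names (registration_info, payments, amount), the use of PDO, and the in-memory SQLite demo data are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Table/column names (registration_info, payments, amount) are
// assumptions, not taken from the project's schema.

function save_payment(PDO $db, array $post): array
{
    // Validation: registration_id must be a positive integer, amount a positive number.
    // Arrays, missing keys and strings with trailing SQL all fail these filters.
    $regId = filter_var($post['registration_id'] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($regId === false || $amount === false || $amount <= 0) {
        return ['ok' => false, 'error' => 'invalid input'];
    }

    // Values are bound as parameters; no user input is concatenated into SQL text.
    $check = $db->prepare('SELECT 1 FROM registration_info WHERE id = ?');
    $check->execute([$regId]);
    if ($check->fetchColumn() === false) {
        return ['ok' => false, 'error' => 'unknown registration'];
    }

    $ins = $db->prepare('INSERT INTO payments (registration_id, amount) VALUES (?, ?)');
    $ins->execute([$regId, $amount]);
    return ['ok' => true, 'id' => (int) $db->lastInsertId()];
}

// Demo on an in-memory SQLite database with constructed rows. In the real
// application the PDO handle would point at MySQL, using a least-privilege
// account and native (non-emulated) prepared statements.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registration_info (id INTEGER PRIMARY KEY)');
$db->exec('CREATE TABLE payments (id INTEGER PRIMARY KEY, registration_id INTEGER, amount REAL)');
$db->exec('INSERT INTO registration_info (id) VALUES (1)');

// Constructed sample requests.
$samples = [
    ['registration_id' => '1',        'amount' => '50.00'],  // well-formed
    ['registration_id' => '1 OR 1=1', 'amount' => '50.00'],  // not an integer
    ['registration_id' => '999',      'amount' => '50.00'],  // no such registration
];
foreach ($samples as $post) {
    echo json_encode(save_payment($db, $post)), PHP_EOL;
}
```

Only the first sample reaches the INSERT; the second is rejected by validation before any query runs, and the third fails the bound existence check.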

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.