PHPGurukul Beauty Parlour Management System SQL Injection Vulnerability in Forgot Password Feature

A critical SQL injection vulnerability has been identified in the PHPGurukul Beauty Parlour Management System version 1.1. The issue arises in the forgot-password.php file, where the email parameter is improperly validated. This flaw allows attackers to inject malicious SQL queries, potentially leading to unauthorized database access, data manipulation, and exploitation of the underlying system. The vulnerability can be exploited remotely without any authentication.

Impact

Exploitation of this vulnerability allows for unauthorized database access via the application's database connection. Attackers can extract, modify, or delete data, and potentially execute commands on the server, depending on the database permissions. This could lead to a complete compromise of the application and its data.

Reproduction

To reproduce this vulnerability, send a POST request to the 'bpms/forgot-password.php' endpoint. Include the 'email' parameter with a crafted SQL injection payload that exploits time-based blind SQL injection, such as one that uses the SQL 'SLEEP' function to create a delay in the response. This indicates that the injection was successful and the SQL query was executed.

Remediation

To address this vulnerability, implement prepared statements and parameter binding to separate SQL code from user input, preventing injection attacks. Additionally, validate and sanitize user input to ensure it meets expected formats before processing. Finally, review and restrict database user permissions to the minimum necessary for application functionality.