PuneethReddyHC Online Shopping System Advanced SQL Injection Vulnerability

Vulnerability

A time-based blind SQL injection vulnerability has been identified in the 'edit_product.php' file of PuneethReddyHC Online Shopping System Advanced version 1.0. The vulnerability arises because the 'product_id' GET parameter is passed to a SQL query without proper validation or parameterization, allowing attackers to inject SQL commands that can be executed by the database.

Impact

Exploitation of this vulnerability allows attackers to confirm and enumerate database content using blind SQL injection techniques, exfiltrate data such as schema and table names, and potentially escalate privileges depending on the database rights and application context.

Reproduction

To reproduce this vulnerability, send a request to 'edit_product.php' with a crafted 'product_id' GET parameter. The parameter carries a time-based SQL injection payload, such as one using the 'SLEEP' function to delay the server's response. A response delay that tracks the injected sleep time confirms the injection.

Remediation

To address this vulnerability, use parameterized queries or prepared statements for all database interactions. Validate and sanitize input by treating 'product_id' as an integer. Ensure the database user has minimal privileges and avoid leaking detailed database errors to the client. As a temporary measure, implement Web Application Firewall (WAF) rules to detect and block common SQL injection patterns.
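
The sketch below shows the first three remediation points together: integer validation of 'product_id', a bound placeholder instead of string concatenation, and errors logged server-side only. It is an added example, not code from the project. The table name products, the columns product_id and product_title, and the function names are assumptions, and an in-memory SQLite database stands in for the application's MySQL database so the script runs offline.

```php
<?php
// Added example: hardened lookup for the product_id GET parameter.
// Assumed names (not from the advisory): table `products`, columns
// `product_id` and `product_title`, and both helper functions.
declare(strict_types=1);

function parseProductId($raw): ?int
{
    // Accept only a positive integer; arrays, null and mixed strings fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetchProduct(PDO $db, $rawId): ?array
{
    $id = parseProductId($rawId);
    if ($id === null) {
        return null; // caller should answer 400 with a generic message
    }
    try {
        // The placeholder keeps the value out of the SQL text entirely.
        $stmt = $db->prepare(
            'SELECT product_id, product_title FROM products WHERE product_id = :id'
        );
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Details go to the server log, never to the HTTP response.
        error_log('edit_product lookup failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed demo data. SQLite in memory is a stand-in for MySQL; with
// pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (product_id INTEGER PRIMARY KEY, product_title TEXT)');
$db->exec("INSERT INTO products VALUES (2, 'Sample item')");

// Constructed inputs: one valid id, then values that must be rejected.
foreach (['2', '2 AND SLEEP(5)', ['2'], null] as $input) {
    $row = fetchProduct($db, $input);
    echo json_encode($input), ' => ', $row ? $row['product_title'] : 'rejected or not found', PHP_EOL;
}
```

Only the first input returns a row; the other three are rejected by parseProductId before any SQL is prepared.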

Added: Oct 7, 2025, 7:11 PM
Updated: Oct 7, 2025, 7:11 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 3.1
exploitability: 9.7
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.