PHPGurukul Online Shopping Portal SQL Injection Vulnerability in category.php

Vulnerability

A critical SQL injection vulnerability has been identified in the PHPGurukul Online Shopping Portal Project version 1.0. The issue resides in the category.php file, where the 'product' parameter can be manipulated to inject malicious SQL queries. This vulnerability allows remote attackers to access and manipulate the database, potentially leading to unauthorized data access, data modification or deletion, and execution of unauthorized operations on the system.

Impact

Exploitation of this vulnerability allows attackers to inject malicious SQL queries, bypassing authentication and authorization. This could lead to unauthorized access to the database, allowing attackers to read, modify, or delete data. Additionally, such exploitation could be used to execute administrative operations on the database or potentially escalate privileges on the application or server.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'shopping/search-result.php' endpoint with a crafted 'product' parameter. The injected SQL payload can be a time-based blind injection, which infers information from the database's response time, or a UNION-based injection, which extracts data by combining the results of the injected query with those of the original query.

Remediation

To address this vulnerability, it is recommended to implement prepared statements and parameter binding to separate SQL code from user input, conduct thorough input validation and filtering, and minimize database user permissions to the least required.
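
The difference between string concatenation and parameter binding, as an added example that is not code from the PHPGurukul project: the products table, its columns, the function names and the sample inputs are all constructed for illustration. It assumes PHP with the pdo_sqlite extension, using an in-memory SQLite database so that it runs offline.

```php
<?php
// Added example: schema, rows and inputs are constructed, not taken from the project.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$pdo->exec("INSERT INTO products (name, price)
            VALUES ('Laptop', 900), ('Phone', 400), ('Desk lamp', 25)");

// Before: the search term is concatenated into the SQL text, so a quote in
// the input ends the string literal and the remainder is parsed as SQL.
function searchVulnerable(PDO $pdo, string $product): array
{
    $sql = "SELECT id, name FROM products WHERE name LIKE '%" . $product . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: validate the term, then bind it so the driver only ever treats it as data.
function searchHardened(PDO $pdo, string $product): array
{
    $product = trim($product);
    if ($product === '' || strlen($product) > 64) {
        return [];  // reject empty or oversized search terms
    }
    // Escape LIKE wildcards so % and _ in the input match literally.
    $term = '%' . addcslashes($product, '\\%_') . '%';
    // SQLite syntax for the escape character; MySQL would need '\\\\' here.
    $stmt = $pdo->prepare("SELECT id, name FROM products WHERE name LIKE :term ESCAPE '\\'");
    $stmt->execute([':term' => $term]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$normal = 'Lap';
$quoted = "zzz' OR '1' LIKE '1";  // constructed input containing a quote

foreach (['normal' => $normal, 'quoted' => $quoted] as $label => $input) {
    printf("%-6s input: concatenated=%d row(s), bound=%d row(s)\n",
        $label,
        count(searchVulnerable($pdo, $input)),
        count(searchHardened($pdo, $input)));
}
```

For the quoted input the concatenated query matches every row in the table, while the bound query searches for the literal text and matches none.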

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 7.5
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.