SourceCodester PHP Display Username After Login SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in SourceCodester PHP Display Username After Login version 1.0. The issue resides in the login.php file, where the Username parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, posing a significant risk to the application's database security.

Impact

Exploitation of this vulnerability allows unauthorized access to the database, enabling attackers to leak, modify, or delete data. Additionally, it could lead to complete system control and service disruption.

Reproduction

The vulnerability can be reproduced by sending a POST request to the login.php file with a crafted username parameter that includes SQL injection payloads. This can be done using tools like sqlmap, which automates the injection process and exploitation.

Remediation

To address this vulnerability, developers should implement prepared statements and parameter binding to prevent SQL injection. Input validation and filtering should be applied to ensure that user input meets expected formats, blocking malicious data. Additionally, database user permissions should be minimized, granting only the necessary rights to the account used for database connections.