phpgurukul Complaint Management System in PHP
cpe:2.3:a:phpgurukul:complaint_management_system:*:*:*:*:*:*:*
- 2.0
A SQL injection vulnerability has been identified in the Complaint Management System in PHP, version 2.0. The issue arises in the user/reset-password.php file, where the mobileno parameter is not properly validated before being used in an SQL query. This lack of input sanitization allows unauthenticated users to manipulate the parameter and execute arbitrary SQL commands, potentially leading to unauthorized data access or exfiltration.
Successful exploitation lets an attacker execute arbitrary SQL commands against the application's database. This could result in unauthorized data access, data manipulation, or in some cases, command execution on the server through the database's command execution features.
To reproduce this vulnerability, navigate to the password reset page and enter a mobile number in the mobileno field. After submitting the form, capture the request using a tool like Burp Suite. Modify the mobileno parameter to include a time-delay SQL injection payload, then resend the request. The response will indicate successful exploitation by showing a delay in the server's reply, confirming the injection was processed.
To address this vulnerability, implement input validation and sanitization for the mobileno parameter, ensuring it meets expected formats before processing. Additionally, use prepared statements with parameterized queries to prevent direct execution of user input as SQL code.
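The remediation described above, as an added example that is not code from the project or the advisory. The table and column names, the 10 to 15 digit format and the function names are assumptions, and an in-memory SQLite database accessed through PDO stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Assumed schema: the advisory does not show the real table or column names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, mobileno TEXT)');
$pdo->exec("INSERT INTO users (mobileno) VALUES ('9876543210')"); // constructed row

/** Layer 1: accept only a digit string of plausible length (assumed 10 to 15 digits). */
function validMobile(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/\A[0-9]{10,15}\z/', $raw) === 1 ? $raw : null;
}

/** Layer 2: the value is bound as a parameter, never concatenated into the SQL text. */
function lookupByMobile(PDO $pdo, string $mobile): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE mobileno = :mobile');
    $stmt->execute([':mobile' => $mobile]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

/** What the reset handler would call with the submitted mobileno value. */
function resetLookup(PDO $pdo, string $submitted): ?int
{
    $mobile = validMobile($submitted);
    return $mobile === null ? null : lookupByMobile($pdo, $mobile); // reject before any query
}

// Constructed inputs: a well-formed number and one carrying a quote character.
foreach (['9876543210', "98765'43210"] as $input) {
    $viaBoth  = resetLookup($pdo, $input);    // validation + binding
    $bindOnly = lookupByMobile($pdo, $input); // binding alone still treats input as data
    printf("%-14s validated: %-8s bound only: %s\n", $input,
        $viaBoth === null ? 'no match' : "id $viaBoth",
        $bindOnly === null ? 'no match' : "id $bindOnly");
}
```

The second column shows why the prepared statement is the primary control: even when validation is skipped, the quoted input is compared as a literal string and cannot alter the query.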