PHPGurukul Online Shopping Portal SQL Injection Vulnerability in Login Component

Vulnerability

A SQL injection vulnerability has been identified in PHPGurukul Online Shopping Portal Project version 2.1. The issue resides in the login component, specifically within the 'fullname' parameter of the 'shopping/login.php' file. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized database access and data exfiltration.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands appended to the original SQL query of the vulnerable endpoint. This could lead to unauthorized database access, data manipulation, and in some cases, execution of arbitrary code, depending on the application's database interaction.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the 'Create a new account' section. Enter a full name and complete the other required fields, then sign up. Intercept the sign-up request with Burp Suite and send it to the Repeater tab. In the Repeater, replace the 'fullname' parameter with a crafted SQL injection payload, such as a time-based blind SQL injection payload. Send the request and observe the response delay, which indicates successful exploitation.

Remediation

To address this vulnerability, use prepared statements and parameter binding to separate SQL code from user input, preventing SQL injection. Additionally, validate and filter user input to ensure it meets expected formats, and minimize database user permissions to reduce the impact of potential exploitation.
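The remediation above as an added example (not code from the advisory or from the PHPGurukul project): a registration insert written first with string concatenation and then with a prepared statement plus an allowlist check on the full name. The `users` table, its columns, and the function names are assumptions for illustration, and an in-memory SQLite database through PDO (requires the pdo_sqlite extension) stands in for the application's database so the script runs offline.

```php
<?php
// Added example: table, column and function names are hypothetical, not the project's code.
// In-memory SQLite via PDO keeps this offline; the prepare/execute pattern is the same for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, password TEXT)');

// Allowlist for the full name: starts with a letter, then letters, spaces, dots, apostrophes, hyphens.
function validFullName(string $name): bool
{
    return (bool) preg_match('/^\p{L}[\p{L} .\'-]{0,99}$/u', $name);
}

// "Before": user input concatenated into the SQL text (the pattern the advisory warns about).
function registerConcatenated(PDO $pdo, string $name, string $email, string $hash): void
{
    $pdo->exec("INSERT INTO users (name, email, password) VALUES ('$name', '$email', '$hash')");
}

// "After": the SQL text is fixed; values travel separately as bound parameters.
function registerPrepared(PDO $pdo, string $name, string $email, string $hash): void
{
    if (!validFullName($name) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid registration input');
    }
    $stmt = $pdo->prepare('INSERT INTO users (name, email, password) VALUES (:name, :email, :password)');
    $stmt->execute([':name' => $name, ':email' => $email, ':password' => $hash]);
}

// Constructed sample input: a legitimate name that happens to contain a quote character.
$name  = "Siobhan O'Brien";
$email = 'siobhan@example.test';
$hash  = password_hash('constructed-sample-password', PASSWORD_DEFAULT);

try {
    registerConcatenated($pdo, $name, $email, $hash);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    // The quote ended the string literal early, so input altered the statement's structure.
    echo "concatenated: query broke (" . $e->getMessage() . ")\n";
}

registerPrepared($pdo, $name, $email, $hash);
$stored = $pdo->query('SELECT name FROM users')->fetchColumn();
echo "prepared: stored name = $stored\n";
```

Because real names can contain apostrophes, the allowlist cannot simply forbid quote characters; parameter binding is what keeps the input out of the SQL text, and validation only narrows what is accepted.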

Added: Oct 2, 2025, 3:17 PM
Updated: Oct 2, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 7.5
exploitability: 9.7
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.