Bhabishya-123 E-Commerce SQL Injection Vulnerability in Signup Endpoint

A SQL injection vulnerability has been identified in Bhabishya-123 E-Commerce version 1.0, specifically within the signup.inc.php endpoint. The vulnerability arises because the application directly includes unsanitized user inputs in SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access to the application.

Impact

Exploitation of this vulnerability allows for authentication bypass, unauthorized access to privileged features, and data exfiltration through time-based blind SQL injection. Additionally, it could lead to data manipulation or deletion, a full compromise of the backend database, and potentially remote code execution.

Reproduction

To reproduce this vulnerability, clone the E-Commerce repository and host it locally using XAMPP or LAMP. Navigate to the signup.inc.php endpoint. Send a POST request to this endpoint with a payload that includes a time-based SQL injection in the email parameter. If the application response is delayed, the injection is successful.

Remediation

It is recommended to replace dynamic SQL queries with prepared statements, perform input validation and sanitization for all user inputs, and conduct regular code audits and penetration testing. Deploying a Web Application Firewall (WAF) to block known SQL injection patterns can also be beneficial.