Grocery Store Management System SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the Grocery Store Management System version 1.0, developed by anirudhkannanvp. The issue arises in the search_products_itname.php file, where the sitem_name POST parameter is improperly sanitized before being incorporated into an SQL query. This flaw allows remote attackers to manipulate SQL queries, extract database information, and potentially compromise the backend system.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to extract, alter, or delete database information. The vulnerability has been confirmed to allow in-band data exfiltration, as demonstrated by the successful execution of the SQL command SELECT database(), which returned the name of the current database.
Reproduction
The vulnerability can be reproduced by sending a POST request to the search_products_itname.php endpoint with a crafted payload in the sitem_name parameter. The payload should be designed to break out of the string context and introduce a boolean condition that can be evaluated by the SQL server. After the injection, the application behavior can be observed to confirm the exploitation.
Remediation
To address this vulnerability, it is recommended to use parameterized queries or prepared statements to prevent direct string interpolation in SQL queries. Additionally, input validation should be implemented to ensure that the sitem_name parameter only contains expected characters. Other measures include using least-privilege database credentials, implementing database query timeouts, deploying a Web Application Firewall as a temporary control, and disabling detailed SQL error outputs in production.
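The following PHP snippet is an added illustration of the fix described above; it is not the project's own code, since the page does not show the contents of search_products_itname.php. The table and column names (products, item_name, price) and the database account are assumptions; only the file name and the sitem_name POST parameter come from the advisory.

```php
<?php
// Added example, not code from the Grocery Store Management System.
// Assumed schema: products(id, item_name, price).

// Vulnerable pattern: the POST value is interpolated straight into the query,
// so the database parses whatever the client sent as part of the SQL text.
function search_vulnerable(mysqli $db, string $sitem_name): mysqli_result|false
{
    $sql = "SELECT id, item_name, price FROM products "
         . "WHERE item_name LIKE '%" . $sitem_name . "%'";
    return $db->query($sql);
}

// Hardened version: allow-list validation, then a prepared statement with a
// bound parameter so user data is never parsed as SQL.
function search_hardened(mysqli $db, string $sitem_name): array
{
    // Only letters, digits, spaces and a few punctuation marks; cap the length.
    if ($sitem_name === '' || strlen($sitem_name) > 64
        || !preg_match('/^[\p{L}\p{N} .,\'-]+$/u', $sitem_name)) {
        throw new InvalidArgumentException('invalid item name');
    }
    // Escape LIKE wildcards so a client cannot turn the search into "match all".
    $pattern = '%' . addcslashes($sitem_name, '%_\\') . '%';

    $stmt = $db->prepare(
        'SELECT id, item_name, price FROM products WHERE item_name LIKE ?'
    );
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Hypothetical wiring for search_products_itname.php. The account should hold
// only SELECT on the products table (least privilege), and errors are logged
// rather than echoed so no SQL details reach the client.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $db   = new mysqli('localhost', 'grocery_ro', getenv('DB_PASS'), 'grocery');
    $rows = search_hardened($db, $_POST['sitem_name'] ?? '');
    echo json_encode($rows);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());
    http_response_code(500);
}
```

The allow-list is illustrative; widen it to match the product names the store actually stocks, but keep the bound parameter regardless, since validation alone is not the primary control.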