Manikandan580 School Management System Time-Based Blind SQL Injection Vulnerability
Vulnerability
A time-based blind SQL injection vulnerability has been identified in the School Management System version 1.0 by manikandan580. The issue resides in the admin reporting endpoint '/studentms/admin/between-date-reprtsdetails.php', where the 'fromdate' POST parameter is vulnerable to injection. This parameter is directly included in an SQL query without proper sanitization, allowing attackers to inject payloads that exploit the timing of database responses. As a result, the entire database can be enumerated through these timing-based attacks.
Impact
Exploitation of this vulnerability allows for complete enumeration of the database, including sensitive student records, admin credentials, and personally identifiable information. Additionally, SQL injection could be used to alter or delete database records. The timing-based nature of the injection could also be leveraged to cause a denial-of-service condition on the database by introducing delays in query processing.
Reproduction
The vulnerability can be reproduced by sending a POST request to '/studentms/admin/between-date-reprtsdetails.php' with a 'fromdate' parameter containing a crafted SQL payload, for example one using 'SELECT(SLEEP(N))', and measuring the response time; a delayed response confirms the injection.
Remediation
To address this vulnerability, implement parameterized queries using PDO or MySQLi prepared statements to prevent SQL injection. Validate the 'fromdate' parameter server-side to ensure it conforms to the 'YYYY-MM-DD' format, rejecting any invalid values. Disable verbose SQL error messages in production to avoid disclosing database details. Restrict the database user's privileges to the minimum necessary, avoiding permissions that could be abused, such as 'FILE', 'SUPER', or 'DROP'. Consider deploying a Web Application Firewall (WAF) with rules to detect and block SQL injection attempts.
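The following is an added example of the remediation described above, not code from the manikandan580 project: strict 'YYYY-MM-DD' validation of the date parameters followed by a PDO prepared statement. The table and column names (`tblstudent`, `AdmissionDate`), the 'todate' parameter and the connection details are assumptions.

```php
<?php
// Added example (not the original project's code). Assumed names:
// table tblstudent, column AdmissionDate, POST parameters fromdate/todate.

// Accept only a real calendar date written exactly as YYYY-MM-DD.
function validateReportDate(?string $value): ?string
{
    if ($value === null || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $value)) {
        return null;
    }
    $dt = DateTime::createFromFormat('!Y-m-d', $value);
    // createFromFormat silently rolls over dates such as 2024-02-31;
    // re-formatting and comparing with the input rejects those.
    if ($dt === false || $dt->format('Y-m-d') !== $value) {
        return null;
    }
    return $value;
}

/*
 * Vulnerable pattern, for contrast: concatenating the raw parameter lets
 * its content become part of the SQL statement.
 *
 *   $sql = "SELECT * FROM tblstudent WHERE AdmissionDate BETWEEN '"
 *        . $_POST['fromdate'] . "' AND '" . $_POST['todate'] . "'";
 */

function fetchStudentsBetween(PDO $pdo, string $from, string $to): array
{
    // Bound values travel separately from the SQL text, so they are
    // never parsed as SQL regardless of their content.
    $stmt = $pdo->prepare(
        'SELECT StudentName, RollId, AdmissionDate
           FROM tblstudent
          WHERE AdmissionDate BETWEEN :fromdate AND :todate'
    );
    $stmt->bindValue(':fromdate', $from, PDO::PARAM_STR);
    $stmt->bindValue(':todate', $to, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$from = validateReportDate($_POST['fromdate'] ?? null);
$to   = validateReportDate($_POST['todate'] ?? null);
if ($from === null || $to === null || $from > $to) {
    http_response_code(400);   // generic message: no SQL details leak
    exit('Invalid date range');
}
// Native (non-emulated) prepares so the MySQL server performs the binding;
// use a low-privilege account that only has SELECT on the report tables.
$pdo = new PDO('mysql:host=localhost;dbname=studentms;charset=utf8mb4',
    'reportuser', 'changeme',
    [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$rows = fetchStudentsBetween($pdo, $from, $to);
```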