SourceCodester Simple Company Website SQL Injection Vulnerability in Login.php

A critical SQL injection vulnerability has been identified in SourceCodester Simple Company Website version 1.0. The issue resides in the Login.php file, specifically within the login functionality. The vulnerability allows remote attackers to inject malicious SQL queries through the 'username' parameter, exploiting inadequate input validation. This exploitation could lead to unauthorized database access, data manipulation, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to the database, manipulation or deletion of data, and exposure of sensitive information. Such actions could disrupt normal service operations and compromise overall system security.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'classes/Login.php' with the 'username' parameter. Injecting SQL payloads, such as boolean-based blind, error-based, or time-based blind SQL injection techniques, can exploit the vulnerability. The injection bypasses authentication, allowing unauthorized access to the application's database.

Remediation

To address this vulnerability, it is recommended to implement prepared statements and parameter binding to separate SQL code from user input, ensuring proper input validation and filtering. Additionally, minimizing database user permissions and conducting regular security audits can help maintain overall system security.