Code-Projects Car Rental System SQL Injection Vulnerability in Login.php

A critical SQL injection vulnerability has been identified in the Code-Projects Car Rental System version 1.0, specifically within the login.php file. The issue arises from inadequate validation of user input in the 'uname' parameter, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, without any authentication, potentially leading to unauthorized access to the database, manipulation or deletion of data, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for unauthorized database access, manipulation or deletion of data, and leakage of sensitive information. Such actions could disrupt services and pose a significant threat to overall system security and business operations.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'login.php' with the 'uname' parameter. Inject a payload that exploits the SQL injection vulnerability, such as one that uses a time-based blind SQL injection technique, like adding a SQL injection payload that causes the database to pause (sleep) for a few seconds before responding. This demonstrates that the injection was successful by using SQL injection techniques to extract information from the database.

Remediation

To address this vulnerability, it is recommended to use prepared statements and parameter binding to prevent SQL injection by separating SQL code from user input. Additionally, input validation and filtering should be implemented to ensure user data conforms to expected formats. Minimizing database user permissions and conducting regular security audits can further enhance the application's security.