PHPGurukul User Registration & Login and User Management
cpe:2.3:a:phpgurukul:user_registration_&_login_and_user_management_system:*:*:*:*:*:*:*
- <= 3.3
A critical SQL injection vulnerability has been identified in PHPGurukul User Registration & Login and User Management System with Admin Panel, version 3.3. The issue resides in the admin file 'lastsevendays-reg-users.php', where the 'id' parameter is not properly sanitized. This lack of validation allows authenticated attackers to inject arbitrary SQL queries, exploiting the application using time-based blind SQL injection techniques. The vulnerability could be used to bypass filters and extract sensitive information from the database, such as user data including emails and phone numbers, and potentially to escalate privileges by chaining with other vulnerabilities.
Exploitation of this vulnerability allows authenticated administrators to perform time-based blind SQL injection, bypassing application filters and extracting sensitive information from the database. This could include user data such as emails and phone numbers, and could be leveraged to enumerate the database structure or escalate privileges by chaining with other vulnerabilities.
To reproduce this vulnerability, an authenticated admin user can send a GET request to 'loginsystem/admin/lastsevendays-reg-users.php' with a crafted 'id' parameter that exploits the SQL injection vulnerability. This can be done manually or using an automated tool like sqlmap, which can be configured to use the admin session cookie.
It is recommended to replace the vulnerable SQL query with a parameterized (prepared) statement, which passes user input to the database as bound data rather than as part of the SQL text, so the input cannot change the structure of the query. Additionally, all user input should be validated and sanitized to prevent SQL injection vulnerabilities.
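The remediation above, sketched as an added example (not the application's own code): the 'id' value is first validated as a positive integer and then bound as a statement parameter. The `users` table, its columns, the helper names `parse_id` and `find_user`, and the in-memory SQLite database standing in for the application's database are all assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Table/column names and helper names are assumptions,
// not taken from the application's source.

// Accept only a positive decimal integer; anything else is rejected.
function parse_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing parameter or array input (id[]=...)
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The id is bound as an integer parameter, never concatenated into the SQL text.
function find_user(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, email, contactno FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite stands in for the application's database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, contactno TEXT)');
$db->exec("INSERT INTO users (email, contactno) VALUES
    ('a@example.test', '5550100'), ('b@example.test', '5550101')");

// Constructed sample values, as they could arrive in $_GET['id'].
foreach (['2', '2 OR 1=1', '', ['2']] as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        echo 'rejected: ' . json_encode($raw) . "\n"; // the real page would return HTTP 400
        continue;
    }
    $row = find_user($db, $id);
    echo "id=$id -> " . ($row['email'] ?? 'no such user') . "\n";
}
```

When the same pattern is used against MySQL through PDO, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.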