HKritesh009 Grocery List Management Web App SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the HKritesh009 Grocery List Management Web App, affecting all versions prior to the latest commit f491b681eb70d465f445c9a721415c965190f83b. The vulnerability resides in the 'id' parameter of the 'update.php' file, where user input is not properly sanitized before being included in SQL queries. This flaw allows remote attackers to manipulate SQL commands, potentially leading to unauthorized data access, modification, or deletion. Exploitation could also allow attackers to gain full control over the application's backend database.
Impact
Successful exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, bypass authentication, access sensitive data, manipulate or delete database records, and potentially gain complete control over the backend database.
Reproduction
To reproduce this vulnerability, send a GET request to the 'update.php' endpoint with a crafted 'id' parameter that includes a SQL injection payload. The application will respond with a SQL syntax error, indicating that the injection was successful. This vulnerability can be exploited manually or with automated tools like sqlmap.
Remediation
It is recommended to replace dynamically built SQL queries with prepared statements to prevent SQL injection. Additionally, implement server-side validation to ensure that the 'id' parameter is numeric only. Using a least-privileged database account helps limit the impact of successful exploitation.
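The following is an added example, not code from the HKritesh009 project, showing the vulnerable pattern the advisory describes next to the remediated form in PHP. The table name `items`, the `done` column, the database name and the account name are assumptions; the real schema is not given on the page.

```php
<?php
// Added example (hypothetical schema): remediation for the 'id' parameter
// of update.php. Assumes a table `items` with an integer primary key `id`.

// BEFORE: the pattern the advisory describes. The raw query parameter is
// concatenated into the SQL text, so the database parses attacker-controlled
// input as part of the statement (and leaks a syntax error on bad input).
//   $conn->query("UPDATE items SET done = 1 WHERE id = " . $_GET['id']);

// AFTER: validate the type first, then bind the value with a prepared statement.
function update_item(PDO $pdo, array $query): bool
{
    // Server-side validation: 'id' must be a positive integer. Anything else
    // is rejected before any SQL is built or sent.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        return false;
    }

    try {
        // The SQL text is fixed; the value travels separately as a typed
        // parameter, so it can never change the structure of the statement.
        $stmt = $pdo->prepare('UPDATE items SET done = 1 WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->rowCount() === 1;
    } catch (PDOException $e) {
        // Log the real error server-side; never echo database errors to the
        // client, since the syntax error is what the reproduction relies on.
        error_log('update.php: ' . $e->getMessage());
        http_response_code(500);
        return false;
    }
}

// Connection setup: exceptions on error and server-side (non-emulated)
// prepares. 'grocery_app' is a placeholder for a least-privileged account
// granted only the UPDATE/SELECT rights the page needs, e.g.
//   GRANT SELECT, UPDATE ON grocery.items TO 'grocery_app'@'localhost';
$pdo = new PDO('mysql:host=localhost;dbname=grocery', 'grocery_app', getenv('DB_PASSWORD'), [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

update_item($pdo, $_GET);
```

With this change a request carrying a non-numeric `id` gets a plain 400 response and no query is executed, so the syntax-error signal described under Reproduction no longer appears.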