SourceCodester Online Class Record System SQL Injection Vulnerability in Login Admin Panel

A SQL injection vulnerability has been identified in SourceCodester Online Class Record System version 1.0. The issue resides in the admin login file, specifically within the user_email parameter. This vulnerability allows remote attackers to inject malicious SQL queries, potentially leading to unauthorized database access, data manipulation, and exposure of sensitive information. The flaw arises from inadequate input validation, enabling attackers to exploit the application by crafting specific input that is not properly sanitized before being used in SQL queries.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries to gain unauthorized access to the database, retrieve, modify or delete data, and potentially execute administrative operations on the database server.

Reproduction

To reproduce this vulnerability, send a POST request to '/admin/login.php' with the 'user_email' parameter. Inject a payload that exploits time-based blind SQL injection, such as one that uses the SQL 'SLEEP' function to create a delay, indicating that the injection was successful. This can be done by appending a crafted SQL injection payload to the 'user_email' parameter, while also including a valid 'user_pass' value and the 'btnLogin' button.

Remediation

It is recommended to use prepared statements and parameterized queries to prevent SQL injection vulnerabilities. Additionally, input validation and filtering should be implemented to ensure that user input conforms to expected formats. Minimizing database user permissions and conducting regular security audits can also help mitigate such vulnerabilities.