SourceCodester Simple Responsive Tourism Website SQL Injection Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Simple Responsive Tourism Website version 1.0. The issue arises in the Registration component, specifically within the file '/classes/Master.php?f=register'. The vulnerability is triggered by manipulating the 'username' parameter, which allows attackers to inject malicious SQL queries. This exploitation can be done remotely, without any authentication.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized database access, data manipulation, and access to sensitive information.

Reproduction

To reproduce this vulnerability, send a POST request to '/tourism/classes/Master.php?f=register' with the 'username' parameter crafted to include malicious SQL payloads. The injection can be verified by observing the application's response or by using a tool like sqlmap to automate the exploitation process.

Remediation

No specific remediation measures are known for this vulnerability.