SourceCodester Simple E-learning System
- 1.0
A SQL injection vulnerability has been identified in SourceCodester Simple E-learning System version 1.0. The issue arises in the delete_post.php file, where the post_id parameter in HTTP GET requests is not properly sanitized. This flaw allows authenticated attackers to inject arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.
Exploitation of this vulnerability allows authenticated attackers to exfiltrate data from the database, such as usernames and password hashes, by injecting SQL commands that manipulate the database query execution. The vulnerability also enables database enumeration, where attackers can identify the database structure, including tables and columns.
To reproduce this vulnerability, log into the application with valid credentials. Intercept a request to the delete_post.php endpoint using a proxy tool like Burp Suite. The post_id parameter can then be manipulated to inject SQL payloads, taking advantage of the application's failure to sanitize user input before it is used in SQL queries.
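A hardened form of the delete handler described above, as an added example that is not the application's own code: it validates `post_id` as a positive integer and binds it as a parameter instead of concatenating it into the query. The function name `delete_post`, the `posts` schema, the ownership check on `author_id`, and the in-memory SQLite database standing in for the real one are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and constructed rows; an in-memory SQLite database
// stands in for the application's real database.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, author_id INTEGER, body TEXT)');
    $db->exec("INSERT INTO posts VALUES (1, 10, 'a'), (2, 10, 'b'), (3, 20, 'c')");
    return $db;
}

// Vulnerable pattern of the kind the advisory describes (for contrast, not run):
//   $db->exec("DELETE FROM posts WHERE post_id = " . $_GET['post_id']);

// Hardened form: strict integer validation, bound parameters, and an
// ownership check (an assumption) so a user can only delete their own post.
function delete_post(PDO $db, $rawPostId, int $sessionUserId): bool
{
    $postId = filter_var($rawPostId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($postId === false) {
        return false; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('DELETE FROM posts WHERE post_id = :id AND author_id = :uid');
    $stmt->bindValue(':id', $postId, PDO::PARAM_INT);
    $stmt->bindValue(':uid', $sessionUserId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1; // true only when exactly one owned row was removed
}

$db = make_demo_db();
// Constructed inputs: a valid id, a value with trailing SQL text, and
// a post that belongs to a different user than the session user (10).
foreach (['2', '2 OR 1=1', '3'] as $input) {
    $ok = delete_post($db, $input, 10);
    printf("post_id=%-12s deleted=%s\n", var_export($input, true), $ok ? 'yes' : 'no');
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM posts')->fetchColumn(), "\n";
```

In the real handler the raw value would come from `$_GET['post_id']` and the user id from the authenticated session rather than from literals.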