SourceCodester Online Library Management System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Online Library Management System version 1.0. The issue resides in the '/home.php' file, specifically within the Parameter Handler component. The vulnerability arises from inadequate validation of the 'searchField' parameter, allowing attackers to inject malicious SQL queries. This injection can be executed remotely, without the need for authentication, potentially leading to unauthorized database access, data manipulation, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for time-based blind SQL injection, where an attacker can manipulate SQL queries to extract data or interfere with database operations. The vulnerability could also be exploited to execute commands on the server, depending on the application's database configuration.

Reproduction

To reproduce this vulnerability, send a GET request to 'controller/home.php' with the 'searchList' parameter set to 'bookId' and the 'searchField' parameter crafted to include a SQL injection payload. The payload should exploit the application's SQL query handling by injecting malicious SQL code that, for example, uses the 'SLEEP' function to create a time-based blind injection.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection vulnerabilities. Additionally, input validation and filtering should be implemented to ensure user input conforms to expected formats. Minimizing database user permissions and conducting regular security audits can also help enhance the application's security.