code-projects Student Membership System
cpe:2.3:a:code-projects:student_management_system:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in the Student Membership System version 1.0, specifically within the delete_user.php file. The issue arises because the user deletion function improperly concatenates the 'id' parameter from the POST request into the SQL delete statement. This flaw allows an attacker to manipulate the SQL query, potentially leading to the deletion of any administrator user. Such an action could result in the loss of administrative privileges, making the system unmanageable. Furthermore, an attacker could exploit this vulnerability to delete the entire user table, causing the application to crash.
Exploitation of this vulnerability could allow an attacker to delete administrator accounts, disrupt system management, or erase the entire user table, leading to a system crash.
To reproduce this vulnerability, send a POST request to the delete_user.php file with an 'id' parameter that includes a crafted SQL payload, such as '1' OR '1'='1'. This will exploit the SQL injection vulnerability by manipulating the SQL query to delete unintended user accounts.
Use prepared statements with PDO or MySQLi so that the 'id' value is bound as a parameter instead of being concatenated into the SQL delete statement. Additionally, implement strict validation and escaping of all user input before it is processed in SQL queries.
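The recommended fix, sketched as an added example for PHP 8 with MySQLi. This is not the project's own code: the advisory does not show the source of delete_user.php, so the table name `users`, its integer `id` column, the helper names `parseUserId` and `deleteUser`, and the connection credentials are all assumptions.

```php
<?php
declare(strict_types=1);

// Make MySQLi throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Pattern described in the advisory (do not use): the POST value becomes SQL text.
//   $sql = "DELETE FROM users WHERE id = '" . $_POST['id'] . "'";

// Hypothetical helper: accept only a positive decimal integer.
function parseUserId(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: delete exactly one row by primary key.
function deleteUser(mysqli $db, int $id): bool
{
    // The id travels as a bound integer parameter, never as part of the SQL string.
    $stmt = $db->prepare('DELETE FROM users WHERE id = ? LIMIT 1'); // assumed table/column
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $deleted = $stmt->affected_rows === 1;
    $stmt->close();
    return $deleted;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

// A value such as the payload quoted above is not an integer and stops here.
$id = parseUserId($_POST['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid id');
}

// Placeholder credentials; load real ones from configuration.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
http_response_code(deleteUser($db, $id) ? 204 : 404);
```

Validation and parameter binding are independent layers here: even if the integer check were removed, the bound parameter would be compared as a value and could not change the structure of the DELETE statement.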