code-projects Student Membership System
cpe:2.3:a:code-projects:student_management_system:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in the Student Membership System version 1.0, specifically within the admin login functionality. The issue arises in the file /admin/index.php, where the application improperly handles the username and password inputs by directly concatenating them into the SQL query. This flaw allows attackers to manipulate the input, using techniques such as injecting a universal password to bypass authentication and gain unauthorized access to the administrator dashboard. The vulnerability can be exploited remotely, without any authentication requirements.
Exploitation of this vulnerability allows attackers to bypass authentication and gain administrative access to the application. Once logged in, they can modify or delete data, create new administrator accounts, and access all functionalities available to administrators.
To reproduce this vulnerability, send a POST request to the /admin/index.php endpoint with the username parameter set to 'admin' followed by a SQL injection payload, such as ' OR '1'='1. The password parameter can be filled with any value, as the injection bypasses the need for a valid password. This request will be processed by the vulnerable SQL query, allowing access to the admin dashboard.
It is recommended to use prepared statements for database queries to prevent SQL injection vulnerabilities. Additionally, implement proper password hashing and verification functions to secure user authentication.
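The recommendation above, shown as an added example that is not code from the Student Membership System: the concatenated login check the advisory describes beside a version that uses a prepared statement and password_hash()/password_verify(). The `admin` table, its columns, the function names and the sample password are assumptions, and an in-memory SQLite database accessed through PDO stands in for the application's real database.

```php
<?php
// Added example. The admin table, its columns and the sample password are
// assumptions (constructed); SQLite in memory stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Store only a password_hash() digest, never the plaintext password.
$seed = $pdo->prepare('INSERT INTO admin (username, password) VALUES (?, ?)');
$seed->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Vulnerable pattern from the advisory: both inputs are concatenated into
// the SQL text, so a quote in $user changes the structure of the query.
function login_concat(PDO $pdo, string $user, string $pass): bool
{
    $sql = "SELECT id FROM admin WHERE username = '$user' AND password = '$pass'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened form: the username is bound as a parameter and is only ever data;
// the password is checked in PHP with password_verify(), not in the SQL.
function login_prepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password FROM admin WHERE username = :username');
    $stmt->execute([':username' => $user]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

$payload = "admin' OR '1'='1";             // username value quoted in the advisory
$cases = [
    'concatenated, advisory payload' => login_concat($pdo, $payload, 'anything'),
    'prepared, advisory payload'     => login_prepared($pdo, $payload, 'anything'),
    'prepared, wrong password'       => login_prepared($pdo, 'admin', 'wrong'),
    'prepared, correct password'     => login_prepared($pdo, 'admin', 'constructed-sample-pw'),
];
foreach ($cases as $label => $accepted) {
    printf("%-32s %s\n", $label, $accepted ? 'login accepted' : 'login rejected');
}
```

Existing plaintext or unsalted passwords cannot be converted in place; they have to be rehashed with password_hash() when each account next logs in or is reset.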