PHPGurukul Online Shopping Portal SQL Injection Vulnerability in Cancel Order Handler

A SQL injection vulnerability exists in PHPGurukul Online Shopping Portal Project version 2.1, specifically within the cancelorder.php file. The issue arises from improper validation of the 'oid' parameter, allowing attackers to inject malicious SQL code that is executed without proper sanitization. This vulnerability can be exploited remotely, potentially leading to unauthorized database access, data manipulation, and disruption of services.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data modification or deletion, and in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'cancelorder.php' with the 'oid' parameter. Injecting a payload that exploits time-based blind SQL injection, such as using 'RLIKE SLEEP(5)', can demonstrate the vulnerability.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection. Additionally, input validation and filtering should be implemented to ensure that user input meets expected formats, and database user permissions should be minimized to the least required.