code-projects Online Lot Reservation System SQL Injection Vulnerability in loginuser.php

Vulnerability

A SQL injection vulnerability has been identified in the Online Lot Reservation System by code-projects, specifically in version 1.0. The issue resides in the loginuser.php file, where the application improperly handles the email and password parameters. This flaw allows attackers to inject malicious SQL code and bypass the authentication mechanism. The vulnerability can be exploited remotely, without prior login or authorization.

Impact

Exploitation of this vulnerability allows attackers to bypass authentication and gain unauthorized access to the system, potentially as an administrator or another user.

Reproduction

To reproduce this vulnerability, send a POST request to the 'loginuser.php' endpoint. Include an injected SQL payload in the 'email' parameter, such as 'admin' OR '1'='1', and a placeholder value in the 'password' parameter. If the injection is successful, the response will include a session cookie indicating a successful login.

Remediation

It is recommended to use prepared statements (parameterized queries) for all SQL queries, validate and filter user input to reject SQL injection vectors, disable the display of database error messages to users, and run the application under a database account with the least privileges necessary.
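The following is an added illustration of the first remediation point and is not code from the Online Lot Reservation System; it uses Python with SQLite rather than the project's PHP, and the table layout, column names, sample accounts and helper names (make_db, login_vulnerable, login_prepared, attempt) are assumptions made for the demonstration. It places a login lookup built by string concatenation beside the same lookup as a prepared statement, and shows that an apostrophe in ordinary input already breaks the concatenated query (the database is parsing request data as SQL), while the prepared statement treats any input, including the injection string quoted in the reproduction section above, purely as a value to compare.

```python
import sqlite3

# Constructed sample users for an in-memory database; the names, e-mail
# addresses and password values are placeholders, not data from the project.
SAMPLE_USERS = [
    ("admin", "admin@example.com", "placeholder-secret-1"),
    ("alice", "alice@example.com", "placeholder-secret-2"),
]


def make_db() -> sqlite3.Connection:
    """Create and seed an in-memory users table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str):
    """Lookup built by string concatenation, the pattern behind the advisory.

    The request values become part of the SQL text, so a quote character in
    either value is read by the database as SQL syntax, not as data.
    """
    sql = (
        "SELECT username FROM users WHERE email = '" + email
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_prepared(conn: sqlite3.Connection, email: str, password: str):
    """The same lookup as a prepared (parameterized) statement.

    The SQL text is fixed; the values travel separately and are only ever
    compared as data, whatever characters they contain.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE email = ? AND password = ?",
        (email, password),
    ).fetchone()
    return row[0] if row else None


def attempt(login, conn: sqlite3.Connection, email: str, password: str) -> tuple:
    """Run a login function and report the outcome as ('user', name),
    ('denied', None) or ('sql_error', message)."""
    try:
        user = login(conn, email, password)
    except sqlite3.OperationalError as exc:
        return ("sql_error", str(exc))
    return ("user", user) if user else ("denied", None)


if __name__ == "__main__":
    db = make_db()
    # Ordinary data containing an apostrophe: it breaks the concatenated
    # query (input is being parsed as SQL) but is harmless to the prepared one.
    for fn in (login_vulnerable, login_prepared):
        print(fn.__name__, attempt(fn, db, "o'brien@example.com", "anything"))
    # The advisory's injection string passed as the email parameter: the
    # prepared statement compares it as a literal value and finds no match.
    print("login_prepared", attempt(login_prepared, db, "'admin' OR '1'='1'", "x"))
```

Running the script prints a sql_error outcome for the concatenated version on the apostrophe input and a denied outcome for the prepared version on both inputs; a login with a correct e-mail and password succeeds through either function, which is why the bug is invisible to ordinary functional testing. The same change applies in PHP with mysqli or PDO prepared statements, and the error-message and least-privilege points above limit what an attacker learns or can reach if a query is ever still built from request data.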

Added: Apr 27, 2026, 3:35 PM
Updated: Apr 27, 2026, 3:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 8.7
remediation: 0.0
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.