Code-Projects Simple Chat System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Code-Projects Simple Chat System version 1.0. The issue arises in the sendMessage.php file, where the application fails to properly validate and sanitize user input in the 'msg' parameter. This oversight allows attackers to manipulate the input, injecting malicious SQL that is executed by the database. The vulnerability can be exploited remotely, and the details of the exploitation are publicly available.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a POST request to the sendMessage.php file with a crafted 'msg' parameter that includes SQL injection payloads. The application does not require authentication, allowing for exploitation by any user.