Yashpokharna2555 Student Management System SQL Injection Vulnerability in success.php
Vulnerability
A SQL injection vulnerability has been identified in the Yashpokharna2555 Student Management System, specifically in the file success.php. The issue arises because the application improperly handles the User parameter, allowing attackers to manipulate SQL queries and bypass authentication. This vulnerability can be exploited remotely, and the details of the exploit are publicly available.
Impact
Exploitation of this vulnerability allows for SQL injection, which can be used to manipulate database queries. In this case, it could lead to authentication bypass, allowing an attacker to log in as any user, including an administrator.
Reproduction
To reproduce this vulnerability, first initialize the database using the provided init_db.sql script, which creates the necessary database and tables, and inserts sample data. After setting up the database, start the web server. Then, send a POST request to success.php with the admin email and a crafted payload that exploits the SQL injection vulnerability by injecting SQL comments to bypass password verification.
Remediation
To address this vulnerability, use prepared statements to parameterize SQL queries and validate user input before processing it.
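The remediation above, sketched as an added example (not code from the project's success.php, whose source is not shown on this page). The `users` table, its `email` and `password_hash` columns, the `authenticate` helper and the in-memory SQLite database are assumptions made for illustration; only the `User` parameter comes from the advisory.

```php
<?php
// Added example: hardened login check. Table and column names are hypothetical;
// only the "User" parameter is named in the advisory.
declare(strict_types=1);

function authenticate(PDO $db, string $user, string $pass): bool
{
    // Input validation is defence in depth, not the injection fix itself.
    if (strlen($user) > 254 || filter_var($user, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // The placeholder keeps $user as data; it cannot alter the query structure.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => $user]);
    $hash = $stmt->fetchColumn();
    // The password is verified in PHP against a stored hash, so no part of the
    // SQL text decides whether the password matched.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed fixture: in-memory SQLite standing in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$ins->execute(['admin@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed regression cases: the last two append a quote and a SQL comment
// marker to the User value and must not authenticate.
$cases = [
    ['admin@example.com', 'correct horse', true],
    ['admin@example.com', 'wrong', false],
    ["admin@example.com' -- ", 'x', false],
    ["admin@example.com'#", 'x', false],
];
foreach ($cases as [$user, $pass, $expected]) {
    $got = authenticate($db, $user, $pass);
    printf("%-26s %s\n", $user, $got === $expected ? 'ok' : 'FAIL');
}
```

When the backend is MySQL, PDO emulates prepared statements by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server perform the parameter binding.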
