Yashpokharna2555 Student Management System SQL Injection Vulnerability in student_trans.php
Vulnerability
A SQL injection vulnerability has been identified in the Yashpokharna2555 Student Management System, in the file student_trans.php. The add action of that script takes the user-supplied POST parameters FIRST_NAME, Last_Name and EMAIL and concatenates them directly into an SQL INSERT statement, with no sanitization and no parameterized query, so quote characters in the input change the structure of the statement. An attacker can therefore insert arbitrary rows, including records that carry cross-site scripting (XSS) payloads which are stored in the database and rendered later. In addition, student_trans.php does not include session.php or call confirm_logged_in(), so the endpoint is reachable by anyone, with no valid session cookie required.
Impact
Exploitation allows an unauthenticated attacker to alter the INSERT query and thereby manipulate database contents. Depending on the privileges of the database account used by the application, this can lead to unauthorized data access, data corruption, or in some cases the execution of administrative operations on the database. Because the injected values are stored, the vulnerability also enables stored cross-site scripting: a script placed in a student record executes in the browser of any user, such as an administrator, who later views that record.
Reproduction
To reproduce this vulnerability, initialize the database with the provided init_db.sql script, which creates the database and tables, then start the web server. No login is required, since the vulnerable endpoint performs no authentication check. Send a POST request to student_trans.php?action=add with the injection payload in the FIRST_NAME, Last_Name and EMAIL fields. The server responds with a success message, confirming that the injected data was written to the database.
Remediation
To address this vulnerability, first enforce authentication by including session.php and calling confirm_logged_in() at the top of student_trans.php, before any database work is done. Second, replace string concatenation with prepared statements, binding each POST value as a parameter so that it can never be parsed as SQL. Third, validate input format on the way in (for example, that EMAIL is a well-formed address) and escape stored values when they are rendered into HTML; prepared statements stop SQL injection but do nothing against the stored XSS, which must be handled by output encoding.
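As an added example (not code from the Yashpokharna2555 project), the following PHP script places the concatenated INSERT described above beside its prepared-statement replacement and runs both against an in-memory SQLite database through PDO, so it executes stand-alone with the pdo_sqlite extension. The table and column names are assumed, since the real schema comes from the project's init_db.sql; the injection payload is constructed for the demonstration. The authentication fix (including session.php and calling confirm_logged_in() first) is not reproduced here because it depends on the project's own session.php.

```php
<?php
// Added example, not the project's code. Table and column names are assumed;
// the real schema is defined by the project's init_db.sql. Requires pdo_sqlite.
declare(strict_types=1);

function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE student (
                   id         INTEGER PRIMARY KEY AUTOINCREMENT,
                   first_name TEXT NOT NULL,
                   last_name  TEXT NOT NULL,
                   email      TEXT NOT NULL)');
    return $db;
}

// Vulnerable pattern (as described in the advisory): POST values are pasted
// straight into the SQL text, so quotes in the input change the statement.
function addStudentVulnerable(PDO $db, array $post): void
{
    $sql = "INSERT INTO student (first_name, last_name, email) VALUES ('"
         . $post['FIRST_NAME'] . "', '"
         . $post['Last_Name']  . "', '"
         . $post['EMAIL']      . "')";
    $db->exec($sql);
}

// Hardened pattern: the SQL text is constant; each value is bound as a
// parameter and is handed to the engine as data, never as SQL.
function addStudentSafe(PDO $db, array $post): void
{
    $stmt = $db->prepare(
        'INSERT INTO student (first_name, last_name, email) VALUES (:fn, :ln, :em)'
    );
    $stmt->execute([
        ':fn' => $post['FIRST_NAME'],
        ':ln' => $post['Last_Name'],
        ':em' => $post['EMAIL'],
    ]);
}

// Prepared statements stop SQL injection, not XSS: a stored payload must still
// be escaped at the point where it is rendered into HTML.
function renderCell(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed payload: closes the open string and value tuple, appends a
// second row carrying a script tag, and comments out the rest of the query.
$post = [
    'FIRST_NAME' => "x', 'y', 'z'), ('evil', 'evil', '<script>alert(1)</script>') -- ",
    'Last_Name'  => 'ignored',
    'EMAIL'      => 'ignored',
];

$db = setupDb();
addStudentVulnerable($db, $post);
$count = (int) $db->query('SELECT COUNT(*) FROM student')->fetchColumn();
echo "concatenated INSERT: $count rows written (the attacker appended a row)\n";
foreach ($db->query('SELECT first_name, email FROM student') as $row) {
    echo "  ", $row['first_name'], " | ", $row['email'], "\n";
}

$db = setupDb();
addStudentSafe($db, $post);
$count  = (int) $db->query('SELECT COUNT(*) FROM student')->fetchColumn();
$stored = (string) $db->query('SELECT first_name FROM student')->fetchColumn();
echo "prepared INSERT: $count row written; first_name stored literally:\n";
echo "  raw:     $stored\n";
echo "  escaped: ", renderCell($stored), "\n";
```

With the concatenated version the payload turns the single-row INSERT into a two-row INSERT and a trailing comment swallows the original closing quotes, which is the kind of unauthorized insertion the advisory describes. With the prepared version the same string is stored verbatim as one first_name value, and renderCell shows the script tag neutralized when that value is later displayed.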
