A SQL injection vulnerability was found in the index.php file of the Stock Management System project. This issue arises because user inputs $username and $password from $_POST['username'] and $_POST['password'] are directly used in SQL queries without proper sanitization or validation. This allows attackers to craft input values that can manipulate the SQL query and execute unauthorized operations.
In the code above, the username and password values are concatenated directly into the SQL query string, which makes the query vulnerable to SQL injection.
Impact
Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.
DESCRIPTION
During the security review of the "Stock Management System," xuanluansec discovered a critical SQL injection vulnerability in the index.php file. This vulnerability stems from inadequate validation of user inputs for the username and password parameters, allowing attackers to inject malicious SQL queries. As a result, attackers can gain unauthorized access to the database, modify or delete data, and access sensitive information. Immediate remediation is required to secure the system and protect data integrity.
No login or authorization is required to exploit this vulnerability.
Vulnerability details and POC
Vulnerability type:
MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Vulnerability location:
'username' parameter
Payload:
username=11' AND (SELECT 5107 FROM (SELECT(SLEEP(5)))kTLs) AND 'iIbh'='iIbh&password=11
Parameter: username (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=11' AND (SELECT 5107 FROM (SELECT(SLEEP(5)))kTLs) AND 'iIbh'='iIbh&password=11
The following are screenshots of some specific information obtained from testing and running with the sqlmap tool:
Suggested repair
Use prepared statements and parameter binding: prevent SQL injection by sending the query and the user-supplied values to the database separately, for example with PDO or the MySQLi extension, so that input is always treated as data rather than as part of the SQL text.
Validate and filter user input: check every user-supplied value so that its format, length and type match what the application expects before it is used.
Secure password storage: hash passwords with a purpose-built algorithm via password_hash() and check them with password_verify(), instead of unsalted MD5 or SHA1.
Example code fix:
if ($_POST) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (empty($username) || empty($password)) {
        if ($username == "") {
            $errors[] = "Username is required";
        }
        if ($password == "") {
            $errors[] = "Password is required";
        }
    } else {
        // Use a prepared statement to prevent SQL injection
        $stmt = $connect->prepare("SELECT * FROM users WHERE username = ?");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $result = $stmt->get_result();
        if ($result->num_rows == 1) {
            // Username exists; note the report recommends password_hash()/password_verify() over md5()
            $password = md5($password);
            $stmt = $connect->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
            $stmt->bind_param("ss", $username, $password);
            $stmt->execute();
            $mainResult = $stmt->get_result();
            if ($mainResult->num_rows == 1) {
                $value = $mainResult->fetch_assoc();
                $user_id = $value['user_id'];
                // Set the session for the authenticated user
                $_SESSION['userId'] = $user_id;
            }
        }
    }
}
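The three repair items (prepared statements, input validation, password_hash) carried through into one complete login handler, as an added example that is not the report's or the project's code. It assumes a mysqli connection in $connect (the name the report's fix uses), a users table with user_id, username and password columns where password holds a password_hash() digest rather than an MD5 value, and that session_start() has already run on the including page. The username character policy and the length limits are assumptions for illustration, not requirements stated in the report.

```php
<?php
declare(strict_types=1);
// Added example, not the Stock Management System's own code.
// Assumptions: mysqli connection in $connect, table users(user_id, username, password)
// where password stores a password_hash() digest, session_start() already called.

// Vulnerable pattern the report describes (shown only for contrast, never use it):
//   $sql = "SELECT * FROM users WHERE username='$username' AND password='" . md5($password) . "'";
// The raw POST values become part of the SQL text, so a crafted username changes the
// structure of the query instead of being treated as data.

/**
 * Validate the submitted credentials before they reach the database.
 * Returns a list of error strings; an empty list means the input is acceptable.
 */
function validateLoginInput(?string $username, ?string $password): array
{
    $errors = [];
    if ($username === null || $username === '') {
        $errors[] = 'Username is required';
    } elseif (strlen($username) > 64 || !preg_match('/^[A-Za-z0-9_.@-]+$/', $username)) {
        // Allow-list of username characters and a length cap (assumed policy).
        $errors[] = 'Username has an invalid format';
    }
    if ($password === null || $password === '') {
        $errors[] = 'Password is required';
    } elseif (strlen($password) > 1024) {
        // Cap length so an oversized value cannot be used to burn hashing time.
        $errors[] = 'Password is too long';
    }
    return $errors;
}

/**
 * Look up the user with a prepared statement and check the password with
 * password_verify(). Returns the user_id on success, null otherwise.
 * On PHP 8.1+ mysqli errors surface as mysqli_sql_exception.
 */
function authenticate(mysqli $connect, string $username, string $password): ?int
{
    // Only the stored hash is fetched; the comparison happens in PHP, never in SQL.
    $stmt = $connect->prepare('SELECT user_id, password FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);   // bound as data, not spliced into the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if (!is_array($row)) {
        // Unknown user: spend the same hashing effort so response time does not
        // reveal whether the username exists.
        password_hash($password, PASSWORD_DEFAULT);
        return null;
    }
    if (!password_verify($password, $row['password'])) {
        return null;
    }
    // Transparently upgrade the stored hash if the default algorithm or cost changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $uid = (int) $row['user_id'];
        $upd = $connect->prepare('UPDATE users SET password = ? WHERE user_id = ?');
        $upd->bind_param('si', $newHash, $uid);
        $upd->execute();
        $upd->close();
    }
    return (int) $row['user_id'];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? null;
    $password = $_POST['password'] ?? null;
    $errors = validateLoginInput($username, $password);

    if ($errors === []) {
        $userId = authenticate($connect, $username, $password);
        if ($userId !== null) {
            session_regenerate_id(true);   // new session id after login
            $_SESSION['userId'] = $userId;
        } else {
            // One message for both unknown user and wrong password.
            $errors[] = 'Invalid username or password';
        }
    }
}
```

Unlike the two-query flow in the fix above, this version fetches only the stored hash for the given username and compares in PHP, so the password value never appears in any SQL statement, and the same error message is returned whether the username or the password was wrong. Existing accounts whose password column still holds an MD5 value would need to be migrated to password_hash() digests (for example by rehashing at next successful login) before this handler is switched on.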
SourceCodester Stock Management System in PHP 1.0 index.php SQL injection vulnerability