A vulnerability has been found in code-projects Online Guitar Store 1.0. It affects an unknown function of the file /admin/Create_category.php. Manipulation of the argument dre_Ctitle leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Online Guitar Store 1.0 is vulnerable to a critical SQL injection flaw that allows a remote attacker to inject SQL into the queries the application sends to its database. The vulnerability, located in /admin/Create_category.php, could lead to complete system compromise, including data theft and server control.
Step 1: Payload Delivery: An attacker crafts a malicious SQL payload designed to exploit the vulnerability.
Step 2: Request Construction: The attacker constructs an HTTP POST request to /admin/Create_category.php. The malicious SQL payload is injected into the dre_Ctitle parameter of the POST request.
Step 3: Server-Side Processing: The vulnerable PHP script receives the request and processes the dre_Ctitle parameter.
Step 4: Query Execution: The script incorporates the attacker-controlled dre_Ctitle value directly into an SQL query without proper sanitization.
Step 5: Database Manipulation: The database server executes the malicious SQL query, allowing the attacker to perform actions such as retrieving sensitive data, modifying existing data, or creating new administrative accounts.
Step 6: Result Retrieval (Optional): Depending on the payload, the attacker may retrieve the results of their query, confirming successful exploitation and potentially exfiltrating data.
The vulnerability stems from insufficient validation and sanitization of the dre_Ctitle parameter in /admin/Create_category.php. The application most likely concatenates the user-supplied value directly into an SQL string without escaping or filtering, so an attacker can supply a value that changes the structure of the query rather than just its data. When executed, such a query can manipulate the database, potentially leading to unauthorized access, data modification, or complete server takeover. The root cause is a failure to use parameterized queries (with input validation as defence in depth), which is the classic SQL injection pattern.
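The following is an added illustration of the root cause and its fix, not code from Online Guitar Store 1.0: a reconstruction of the vulnerable concatenation pattern the advisory describes, beside a hardened handler that binds dre_Ctitle as a parameter. The table and column names (categories, title), the session key admin_id and the database credentials are assumptions.

```php
<?php
// Added example, not the project's own code. Table/column names, the
// admin session key and the DB credentials below are assumptions.

// Vulnerable pattern described in the advisory: the POST value is spliced
// straight into the SQL text, so the query structure is attacker-controlled.
function create_category_vulnerable(mysqli $db, string $title): bool
{
    $sql = "INSERT INTO categories (title) VALUES ('" . $title . "')";
    return $db->query($sql) !== false;
}

// Hardened form: the SQL text is fixed at prepare time and the value travels
// separately as a bound parameter, so it can never alter the query structure.
// The length/emptiness check is defence in depth, not the fix itself.
function create_category_safe(mysqli $db, string $title): bool
{
    $title = trim($title);
    if ($title === '' || mb_strlen($title) > 100) {
        return false;
    }
    $stmt = $db->prepare("INSERT INTO categories (title) VALUES (?)");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $title);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Request handling for an endpoint like /admin/Create_category.php (assumed
// structure): require an authenticated admin session, accept POST only, and
// read dre_Ctitle as a plain string that is never interpolated into SQL.
session_start();
if (empty($_SESSION['admin_id'])) {            // assumed session key
    http_response_code(403);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['dre_Ctitle'])) {
    http_response_code(400);
    exit;
}
// Placeholder credentials; a real deployment reads these from configuration.
$db = new mysqli('localhost', 'dbuser', 'dbpass', 'guitar_store');
$db->set_charset('utf8mb4');
echo create_category_safe($db, (string) $_POST['dre_Ctitle']) ? 'created' : 'rejected';
```

With the prepared statement, a title containing quotes or SQL keywords is stored literally as a category name instead of being executed, which is the behaviour the advisory's step 4 and step 5 show the original script lacks.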