A vulnerability was identified in code-projects Online Guitar Store 1.0. It affects an unknown function in the file /admin/Delete_product.php. Manipulating the del_pro argument can lead to SQL injection. The attack can be performed remotely. The exploit has been publicly disclosed and may be used.
Online Guitar Store 1.0 suffers from a critical SQL injection vulnerability in /admin/Delete_product.php, allowing attackers to remotely execute arbitrary SQL commands. Successful exploitation grants attackers unauthorized access to the application's database, potentially leading to data breaches and complete system compromise. This vulnerability is publicly known and easily exploitable.
Step 1: Reconnaissance: The attacker identifies the target application, Online Guitar Store 1.0, and confirms the existence of the /admin/Delete_product.php file.
Step 2: Payload Delivery: The attacker crafts a malicious SQL injection payload, targeting the del_pro parameter. This payload is designed to execute arbitrary SQL commands.
Step 3: Request Submission: The attacker sends a specially crafted HTTP request to /admin/Delete_product.php, including the malicious payload in the del_pro parameter.
Step 4: Server-Side Processing: The vulnerable PHP script receives the request and incorporates the attacker's input directly into an SQL query without proper sanitization.
Step 5: SQL Execution: The database server executes the injected SQL code, allowing the attacker to manipulate the database.
Step 6: Data Exfiltration/Manipulation: Based on the injected SQL, the attacker can then retrieve sensitive data (e.g., user credentials, product information), modify existing data, or potentially gain complete control over the database server.
The vulnerability stems from a lack of proper input validation and sanitization of the del_pro parameter within the /admin/Delete_product.php script. The script likely incorporates this user-supplied input directly into an SQL query without escaping special characters or validating the data type. This allows an attacker to inject malicious SQL code that adds, deletes, or modifies data within the database. The root cause is a failure to implement prepared statements or other secure coding practices to prevent SQL injection. The absence of any form of input validation or output encoding further exacerbates the risk.
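The fix the root-cause analysis points to (type validation plus a prepared statement) can be sketched as follows. This is an added example, not the project's code: the function name deleteProduct, the table products, the column product_id and the in-memory SQLite database standing in for the store's database are all assumptions, and the commented concatenation pattern is what the advisory describes as likely, not a quote from the source.

```php
<?php
// Added example, not the project's code. Table and column names are hypothetical.
declare(strict_types=1);

// Pattern the advisory describes (assumed; the project's source is not on this page):
//   $sql = "DELETE FROM products WHERE product_id = " . $_GET['del_pro'];

/**
 * Delete one product by id and return the number of rows removed.
 * Throws InvalidArgumentException when del_pro is not a positive integer.
 */
function deleteProduct(PDO $db, mixed $delPro): int
{
    // 1. Type validation: accept only a positive integer, reject everything else.
    $id = filter_var($delPro, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('del_pro must be a positive integer');
    }

    // 2. Prepared statement: the value is bound as data and never parsed as SQL.
    $stmt = $db->prepare('DELETE FROM products WHERE product_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (product_id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products (name) VALUES ('Strat'), ('Tele'), ('LP')");

// Constructed inputs: one legitimate id followed by two malformed values.
foreach (['2', '2 OR 1=1', "2'"] as $input) {
    try {
        printf("%-10s deleted %d row(s)\n", $input, deleteProduct($db, $input));
    } catch (InvalidArgumentException $e) {
        printf("%-10s rejected: %s\n", $input, $e->getMessage());
    }
}

// Only the single legitimate delete should have changed the table.
$remaining = (int) $db->query('SELECT COUNT(*) FROM products')->fetchColumn();
printf("rows remaining: %d\n", $remaining);
```

Either control alone would stop the malformed values here; keeping both means a later change that loosens the validation still cannot turn the parameter into SQL text.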