A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Online Guitar Store 1.0 suffers from a critical SQL injection vulnerability in /login.php, allowing attackers to remotely compromise the application's database. This flaw, stemming from improper input validation of the L_email parameter, enables unauthorized access and potential data exfiltration, posing a significant risk to user data and system integrity.
Step 1: Payload Delivery: The attacker crafts a malicious SQL injection payload designed to be injected into the L_email parameter of the /login.php file. This payload is designed to manipulate the SQL query's logic, such as retrieving sensitive data or bypassing authentication.
Step 2: Request Submission: The attacker sends a specially crafted HTTP POST or GET request to /login.php, including the malicious payload within the L_email parameter.
Step 3: Query Execution: The vulnerable application receives the request and, without proper sanitization, incorporates the attacker's payload directly into a SQL query. The application then executes this modified query against the database.
Step 4: Database Interaction: The database server interprets the injected SQL code, executing the attacker's commands. This could involve retrieving user credentials, modifying data, or even gaining control of the database server.
Step 5: Information Disclosure/System Compromise: Based on the injected SQL code, the attacker can achieve various objectives, such as retrieving sensitive information (e.g., usernames, passwords, credit card details), modifying data, or gaining unauthorized access to the system.
The vulnerability lies within the /login.php file of Online Guitar Store 1.0. The application fails to properly sanitize user-supplied input for the L_email parameter before incorporating it into a SQL query. Specifically, the application likely constructs a SQL query that includes the user-provided email address without adequate escaping or validation. This allows an attacker to inject malicious SQL code through the L_email parameter. The root cause is a lack of input validation and parameterized queries, leading to the execution of attacker-controlled SQL commands. The absence of prepared statements exacerbates the issue, making it easier to inject malicious code.