A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation of the argument student_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A critical SQL injection vulnerability exists in itsourcecode Society Management System 1.0, allowing remote attackers to compromise the database. Exploitation involves manipulating the student_id parameter in /admin/check_studid.php, potentially leading to unauthorized access, data exfiltration, and system takeover. The public availability of the exploit significantly increases the risk of widespread attacks.
Step 1: Request Construction: The attacker crafts a malicious HTTP GET or POST request to /admin/check_studid.php. The request includes a crafted student_id parameter containing a SQL injection payload.
Step 2: Payload Delivery: The attacker's crafted SQL injection payload is embedded within the student_id parameter. This payload is designed to manipulate the database query.
Step 3: Server-Side Processing: The vulnerable PHP script /admin/check_studid.php receives the attacker's request and retrieves the value of the student_id parameter.
Step 4: Query Execution: The script incorporates the attacker-supplied student_id value directly into an SQL query without proper sanitization or escaping. This allows the attacker's injected SQL code to be executed by the database server.
Step 5: Database Interaction: The database server processes the malicious SQL query. Depending on the payload, this could involve retrieving sensitive data, modifying existing data, or potentially gaining control of the database server.
Step 6: Response Analysis: The attacker analyzes the server's response to determine the success of the SQL injection and to extract the results of their malicious query.
The vulnerability stems from a lack of proper input validation and sanitization of the student_id parameter within the /admin/check_studid.php file. Specifically, the application fails to adequately filter or escape special characters used in SQL queries. This allows an attacker to inject malicious SQL code through the student_id parameter. When the application executes the injected SQL, it can lead to various malicious outcomes, including data retrieval (SELECT), data modification (UPDATE, INSERT, DELETE), and even remote code execution (RCE) if the database server allows it. The root cause is a missing or inadequate use of parameterized queries or prepared statements, which would prevent the attacker's input from being interpreted as SQL code.