### Name

- **Vulnerability Name**: Sourcecodester Online Student Clearance System Project V1.0 /Admin/changepassword.php SQL injection

### Affected Product

- **Product Name**: Online Student Clearance System
- **Vendor Homepage**: https://www.sourcecodester.com/php/17892/online-clearance-system.html

### Affected Version

- **Version**: V1.0

### Software Link

- https://www.sourcecodester.com/sites/default/files/download/Senior%20Walter/student_clearance_system_aurthur_javis.zip

### Vulnerability Type

- **Type**: SQL injection

### Root Cause

- The SQL injection vulnerability exists in the `/Admin/changepassword.php` file. The value of the `txtconfirm_password` POST parameter is concatenated directly into an SQL query string without being validated, escaped, or bound as a parameter, so any quote characters or SQL syntax in the submitted value become part of the executed statement.

### Impact

- An attacker who can submit the form can use the injection to read from the database (leaking sensitive data such as credentials), modify or delete data, and potentially extend control further depending on the privileges of the database account; heavy or long-running injected queries can also cause service disruption. This poses a serious threat to system security and business continuity.
- Note: the handler lives under `/Admin/` and targets the current administrator's own row, so it is presumably reached from an administrator session. The advisory does not state whether that access control is enforced, so the preconditions should be confirmed during triage.

### Vulnerability Description and Reproduction

- The vulnerability is located in the `/Admin/changepassword.php` file. When the form is submitted, the new administrator password taken from the `txtconfirm_password` parameter is placed directly into an SQL `UPDATE` statement that modifies the `admin` table.

### Vulnerability Details and POC

```php
$sql = "update admin set `password`='$confirm_new' where username='".$admin_username."';";
```

- `$confirm_new` holds the raw `txtconfirm_password` value. Because it sits inside single quotes in the query string, an attacker can close the quote and append SQL of their own via the `txtconfirm_password` parameter; the advisory confirmed the injection by observing changes in page response time (time-based blind injection), since an `UPDATE` returns no data to the page.
- The request and response details were captured with Burp Suite during testing.

### Recommended Fixes

1. **Use Prepared Statements and Parameter Binding**: Prepared statements separate the query text from the data it operates on, so user input is sent to the database as a value and is never parsed as SQL.
2. **Input Validation and Filtering**: Strictly validate user input against the expected format (for a password field, length and character-set rules, and that the two password fields match). Validation reduces attack surface but is not a substitute for parameter binding.
3. **Minimize Database User Privileges**: Ensure the database account used by the application has only the minimum privileges it needs, which limits what a successful injection can reach.
4. **Regular Security Audits**: Conduct regular code and system security audits to promptly identify and fix potential security vulnerabilities.
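The following is an added example of a hardened password-change handler written for this advisory; it is not the project's own code. It assumes an existing `mysqli` connection, an `admin` table with `username` and `password` columns (the only schema the page's query shows), an administrator username stored in `$_SESSION['admin_username']`, and form fields named `txtnew_password` and `txtconfirm_password`; the connection credentials and the session key are hypothetical. It replaces the string-concatenated `UPDATE` with a prepared statement and bound parameters (fix 1), adds basic validation (fix 2), and hashes the password before storing it, which the page's one-line snippet neither shows nor rules out.

```php
<?php
// Added example for the advisory above, not code from the Online Student Clearance System.
// Assumptions (hypothetical): connection credentials, the session key, and the form field names.
declare(strict_types=1);

session_start();

// Throw on database errors instead of silently continuing with a failed statement.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'clearance_user', 'change-me', 'clearance_db'); // assumed credentials

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}

// Take the target account from the server-side session, never from the request.
$adminUsername = $_SESSION['admin_username'] ?? null;
if (!is_string($adminUsername) || $adminUsername === '') {
    http_response_code(403);
    exit('Administrator login required');
}

$newPassword     = $_POST['txtnew_password'] ?? '';
$confirmPassword = $_POST['txtconfirm_password'] ?? '';

// Input validation (fix 2): both fields present, matching, and within a length policy.
// This is defence in depth only; the prepared statement below is what stops the injection.
if (!is_string($newPassword) || !is_string($confirmPassword) || $newPassword === '') {
    http_response_code(400);
    exit('Password is required');
}
if ($newPassword !== $confirmPassword) {
    http_response_code(400);
    exit('Passwords do not match');
}
if (strlen($newPassword) < 12 || strlen($newPassword) > 128) {
    http_response_code(400);
    exit('Password must be between 12 and 128 characters');
}

// Store a salted hash rather than the submitted value; verify later with password_verify().
$hash = password_hash($newPassword, PASSWORD_DEFAULT);

// Vulnerable pattern from the advisory, shown only for contrast:
//   $sql = "update admin set `password`='$confirm_new' where username='".$admin_username."';";
// Hardened form (fix 1): the query text contains only placeholders; the values are bound
// as data, so a quote or SQL keyword inside the password is stored literally, not executed.
$stmt = $conn->prepare('UPDATE admin SET `password` = ? WHERE username = ?');
$stmt->bind_param('ss', $hash, $adminUsername);
$stmt->execute();

if ($stmt->affected_rows !== 1) {
    // Zero rows means the session username no longer matches an admin row; treat as a failure.
    $stmt->close();
    http_response_code(409);
    exit('Password was not updated');
}
$stmt->close();

echo 'Password updated';
```

With bound parameters a submitted value such as `O'Brien` (a legitimate password containing a quote) is stored as-is instead of breaking the statement, and an injected payload is likewise stored as an inert string. Pair this with fix 3 by granting the application account only `SELECT`/`UPDATE` on the tables it actually uses.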