A critical vulnerability, identified as CVE-2023-5283, has been found in SourceCodester Engineers Online Portal 1.. The flaw is in the "teacher_signup.php" file of this system, which is used by engineering students and professionals around the world, and it allows SQL injection.

The vulnerability, also tracked as VDB-240911, is rated critical because it can allow unauthorized access to sensitive information, which attackers can then exploit. In this post, we'll go over the exploit details, including the code snippet responsible for the vulnerability, and provide links to the original references for further information.

Vulnerability Details

The CVE-2023-5283 vulnerability stems from a lack of proper input validation in the "teacher_signup.php" file of the SourceCodester Engineers Online Portal 1.. Attackers can manipulate the 'firstname' and 'lastname' arguments, leading to an SQL injection. This attack may be initiated remotely, and since the exploit has been disclosed to the public, it can be potentially used by malicious individuals.

The following code snippet, found in the "teacher_signup.php" file, demonstrates the vulnerability:

<?php
//...
$username = $_POST["username"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
//...

// Vulnerable: the POST values are concatenated into the SQL string unescaped.
$query = "INSERT INTO teachers (username, firstname, lastname) VALUES ('$username', '$firstname', '$lastname')";
$result = mysqli_query($connection, $query);
//...
?>

As seen above, the 'firstname' and 'lastname' arguments from user input ($_POST) are directly used in the SQL query without proper validation or sanitization. This lack of input validation can lead to an SQL injection attack, as demonstrated below:

Exploit Example

In this example, an attacker could input the following string into the 'firstname' field during the registration process:

John', ''); DROP TABLE teachers; --

When this string is inserted into the SQL query, the final query will look like this:

INSERT INTO teachers (username, firstname, lastname) VALUES ('$username', 'John', ''); DROP TABLE teachers; --', '$lastname')

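If the database executes both statements, this inserts a regular entry with the specified username and then drops the entire 'teachers' table from the database. Whether the second statement runs depends on the database API: mysqli_query() executes a single statement per call, so a stacked statement like this takes effect only where multi-statement execution is available. In either case the input has changed the structure of the query instead of being treated as data, which is the underlying defect.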
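The snippet and payload above, replayed side by side with a parameterized version. This is an added example, not code from the original page or from SourceCodester. The function names, the 100-character length limit, the sample request, and the use of PDO with an in-memory SQLite database (instead of mysqli, so that it runs without a MySQL server) are all assumptions.

```php
<?php
// Added example: constructed schema and inputs. PDO + in-memory SQLite is an
// assumption so this runs without a MySQL server (the page's code uses mysqli).
function newDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE teachers (username TEXT, firstname TEXT, lastname TEXT)');
    return $pdo;
}

// Same pattern as the page's snippet: input concatenated into the SQL text.
function signupVulnerable(PDO $pdo, array $post): void {
    $query = "INSERT INTO teachers (username, firstname, lastname) VALUES ('"
        . $post['username'] . "', '" . $post['firstname'] . "', '" . $post['lastname'] . "')";
    $pdo->exec($query); // with SQLite, exec() runs every statement in the string
}

// Hardened: placeholders keep the SQL text fixed; input travels as bound data.
function signupHardened(PDO $pdo, array $post): void {
    foreach (['username', 'firstname', 'lastname'] as $field) {
        $value = $post[$field] ?? '';
        // Hypothetical validation rule: non-empty string of at most 100 bytes.
        if (!is_string($value) || $value === '' || strlen($value) > 100) {
            throw new InvalidArgumentException("invalid $field");
        }
    }
    $stmt = $pdo->prepare(
        'INSERT INTO teachers (username, firstname, lastname) VALUES (?, ?, ?)');
    $stmt->execute([$post['username'], $post['firstname'], $post['lastname']]);
}

function tableExists(PDO $pdo): bool {
    $sql = "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = 'teachers'";
    return (int) $pdo->query($sql)->fetchColumn() === 1;
}

// Constructed request carrying the firstname value quoted on the page.
$post = ['username' => 'jdoe', 'firstname' => "John', ''); DROP TABLE teachers; --",
         'lastname' => 'Doe'];

$db = newDb();
signupVulnerable($db, $post);
echo 'vulnerable: table exists = ', var_export(tableExists($db), true), "\n";

$db = newDb();
signupHardened($db, $post);
echo 'hardened:   table exists = ', var_export(tableExists($db), true), "\n";
echo 'stored firstname = ', $db->query('SELECT firstname FROM teachers')->fetchColumn(), "\n";
```

With mysqli, the equivalent of the hardened path is prepare(), bind_param() and execute() on the existing connection.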

References

1. Vulnerability Database (VDB) Entry
2. CVE Details

Conclusion

In light of this critical vulnerability (CVE-2023-5283) discovered in SourceCodester Engineers Online Portal 1., users are urged to exercise caution and patch their systems as soon as possible to prevent potential exploitation. Online portals like these often store sensitive data, and such vulnerabilities can lead to severe consequences if left unaddressed. Stay vigilant and keep your systems up to date to ensure the security of your data.

Timeline

Published on: 09/29/2023 20:15:10 UTC
Last modified on: 11/07/2023 04:23:47 UTC