SQL Injection Vulnerability in Dairy Farm Shop Management System

Overview

A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System (Version 1.3). The vulnerability allows remote attackers to execute arbitrary SQL code via the and parameters in a POST request to the file.

Official Website: Dairy Farm Shop Management System

Vulnerability Details

Steps to Reproduce

1. Log in to the Admin Panel
   - Navigate to the admin login page.
   - Enter valid credentials and sign in.
2. Navigate to the Category Section
   - Click the "Manage" button to edit a category.
   - Fill in any value in the input field.
3. Intercept the Request
   - Launch Burp Suite and configure the browser to route traffic through it.
   - Enable Burp Suite Interceptor to capture the request.
4. Modify the Request
   - Capture the request when updating user details.
   - Send it into Burp Suite Repeater.
   - Modify the and parameters with the payload: .
5. Send the Modified Request
   - Forward the request in Burp Suite Repeater.
   - Observe the delayed response (10 seconds), confirming the SQL injection vulnerability.

Impact

- Data Theft: Unauthorized access to sensitive data in the database.
- Data Manipulation: Alteration or deletion of data, compromising integrity.
- Reconnaissance: Enumeration of database structure for further exploitation.
- Financial Loss: Potential service disruption leading to monetary losses.
- Reputation Damage: Loss of user trust due to data breaches or service outages.

Recommended Mitigations

- Implement input validation and output encoding.
- Use prepared statements or parameterized queries.
- Apply the principle of least privilege for database access.
- Deploy a Content Security Policy (CSP) to mitigate injection risks.

Reference

OWASP SQL Injection Prevention Cheat Sheet
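
The following sketch shows how the input validation, prepared statement and least-privilege mitigations fit together in a category-update handler. It is an added example, not code from the project or from the original advisory; the table and column names (`categories`, `name`, `code`, `id`), the POST keys and the `DB_*` environment variables are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Table/column names (categories, name, code, id) and POST keys
// (id, category_name, category_code) are assumptions, not the project's own.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Weak pattern, for contrast: POST values concatenated into the SQL text, so
// the database parses request input as part of the statement.
//   $sql = "UPDATE categories SET name='$name', code='$code' WHERE id='$id'";

function validateCategoryInput(array $post): array
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $name = $post['category_name'] ?? '';
    $code = $post['category_code'] ?? '';
    // Reject non-strings (e.g. array parameters) and anything off the allow-list.
    if ($id === false || !is_string($name) || !is_string($code)
        || !preg_match('/^[\p{L}\p{N} ._-]{1,100}$/u', $name)
        || !preg_match('/^[A-Za-z0-9_-]{1,20}$/', $code)) {
        throw new InvalidArgumentException('Invalid category input');
    }
    return [$id, $name, $code];
}

function updateCategory(mysqli $db, int $id, string $name, string $code): int
{
    // Placeholders keep the values out of the SQL grammar entirely.
    $stmt = $db->prepare('UPDATE categories SET name = ?, code = ? WHERE id = ?');
    $stmt->bind_param('ssi', $name, $code, $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        [$id, $name, $code] = validateCategoryInput($_POST);
        // Least privilege: this account needs only SELECT/UPDATE on the app schema.
        $db = new mysqli('127.0.0.1', (string)getenv('DB_USER'),
                         (string)getenv('DB_PASS'), (string)getenv('DB_NAME'));
        $db->set_charset('utf8mb4');
        updateCategory($db, $id, $name, $code);
        http_response_code(204);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
    }
}
```

With bound parameters, a time-delay probe like the one used in the reproduction steps is stored or rejected as a literal value and never reaches the SQL parser, so the response time stays flat.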