# SQL Injection Vulnerability in Computer Laboratory Management System Using PHP and MySQL (LMS) v1.0
## Summary
A SQL Injection vulnerability exists in Computer Laboratory Management System Using PHP and MySQL (LMS) v1.0. The application fails to properly validate and sanitize user-supplied input provided through the `id` parameter, allowing an authenticated attacker to manipulate backend SQL queries.
Successful exploitation may allow an attacker to access, modify, or delete database contents, bypass application restrictions, and potentially compromise sensitive information stored within the application.
## Vulnerability Details
* Product Name: Computer Laboratory Management System Using PHP and MySQL (LMS)
* Version: 1.0
* Vulnerability Type: SQL Injection
* CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
## Affected Endpoint
`/php-lms/admin/item/manage_item.php?id=8`
## Steps to Reproduce
1. Log in to the application using valid administrative credentials.
2. Navigate to the Add Item page and edit any existing item.
3. Intercept the request using Burp Suite.
4. Forward the intercepted request to Burp Repeater.
5. Insert a single quote (`'`) into the vulnerable parameter and observe that the application returns a SQL error, indicating improper input handling.
6. Replace the parameter value with the following Boolean-Based SQL Injection payload:
   `'+AND+5816%3d5816+AND+'WpR1'%3d'WpR1`
7. Send the modified request.
8. Observe that the application processes the injected SQL condition successfully and returns a valid response, confirming the presence of a Boolean-Based SQL Injection vulnerability.
## Impact
Successful exploitation may allow an attacker to:
* Read sensitive database contents
* Enumerate database structure
* Modify or delete records
* Bypass application logic
* Escalate privileges
* Compromise the confidentiality, integrity, and availability of application data
## Remediation
* Use parameterized queries (prepared statements).
* Implement strict server-side input validation.
* Avoid dynamic SQL query construction using user-supplied input.
* Apply the principle of least privilege to database accounts.
* Implement centralized error handling and avoid exposing database errors to users.
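
The first, second and last remediation items can be combined in one lookup routine. The following is an added example, not code from the LMS project or from the reporter: the table and column names (`item_list`, `id`, `name`) and the function names are assumptions, and an in-memory SQLite database accessed through PDO stands in for the application's MySQL connection so the sketch runs offline. Non-integer `id` values are rejected before any SQL is executed, and the value that passes validation is bound as a parameter rather than concatenated.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database: in-memory SQLite via PDO.
// Table and column names (item_list, id, name) are assumptions, not LMS source.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE item_list (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO item_list (id, name) VALUES (8, 'Constructed sample item')");
    return $pdo;
}

// Strict server-side validation: the id must be a positive integer, nothing else.
function validate_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterized lookup: the value is bound, never concatenated into the SQL text.
function find_item(PDO $pdo, $rawId): ?array
{
    $id = validate_id($rawId);
    if ($id === null) {
        return null; // caller answers with a generic error; no SQL is executed
    }
    try {
        $stmt = $pdo->prepare('SELECT id, name FROM item_list WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        error_log('item lookup failed: ' . $e->getMessage()); // detail stays server-side
        return null;
    }
}

$pdo = demo_db();
// URL-decoded form of the payload quoted under "Steps to Reproduce".
$payload = "' AND 5816=5816 AND 'WpR1'='WpR1";
var_dump(find_item($pdo, '8'));      // well-formed id
var_dump(find_item($pdo, "8'"));     // id with a trailing single quote
var_dump(find_item($pdo, $payload)); // the advisory's payload as the id value
```

With a MySQL backend only the DSN passed to `new PDO(...)` changes; the validation and binding logic stay the same.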
## Credits
Discovered and Reported by: Subodh Sharma
## References
* CWE-89: SQL Injection
* OWASP SQL Injection Prevention Cheat Sheet