Attack Chain

1. The attacker identifies a vulnerable instance of itsourcecode Online Enrollment System 1.0.
2. The attacker crafts a malicious HTTP request targeting /enrollment/index.php?view=edit&id=3.
3. The attacker injects SQL code into the deptid parameter of the HTTP request.
4. The web server processes the request and passes the tainted deptid parameter to the SQL query.
5. The injected SQL code is executed against the database, allowing the attacker to bypass authentication or access sensitive data.
6. The attacker may escalate the attack by attempting to execute arbitrary commands on the server.
7. Successful exploitation allows the attacker to dump database contents, modify enrollment records, or gain administrative access.

Impact

Successful exploitation of this SQL injection vulnerability could lead to complete compromise of the Online Enrollment System. This includes unauthorized access to sensitive student data, modification of enrollment records, and potentially remote code execution on the server. Given that a public exploit exists, organizations using the vulnerable software are at high risk of experiencing data breaches, financial losses, and reputational damage. The potential victim count depends on the number of installations of the affected Online Enrollment System.

Recommendation

• Inspect web server logs for suspicious POST requests to /enrollment/index.php containing potentially malicious SQL syntax within the deptid parameter to identify potential exploitation attempts.
• Deploy the Sigma rule Detect SQL Injection Attempt via deptid Parameter to detect exploitation attempts targeting the vulnerable endpoint.
• Block requests to /enrollment/index.php?view=edit&id=3 containing SQL keywords in the deptid parameter at the WAF or reverse proxy.
• Apply input validation and sanitization to the deptid parameter within the application code to prevent SQL injection attacks in the future.