| عنوان | SourceCodester POS Inventory System 1.0 SQL Iiinjection + IDOR + Weak Passw ord Hashing |
|---|
| الوصف | A chained vulnerability combining SQL Injection, Insecure Direct Object Reference (IDOR), and weak password hashing was discovered in the customer and supplier edit functionality of POS Inventory System Using PHP version 1.0.
SQL Injection: Both edit_customer.php and edit_supplier.php concatenate the id GET parameter and all POST parameters directly into SQL UPDATE queries:
$id = $_GET['id'];
$username = $_POST['username'];
$password = $_POST['password'];
mysqli_query($conn, "update user set username='$username', password='$pass' where userid='$id'");
IDOR: The application fails to verify if the id parameter matches the authenticated user's session. Any authenticated user can supply id=1 to modify the administrator's credentials.
Weak Hashing: The system uses MD5 without salt for password storage, making it vulnerable to offline rainbow table attacks. Additionally, a critical logic bug always triggers the MD5 hash even when it should store the current password. |
|---|
| المصدر | ⚠️ https://gist.github.com/c4ttr4ck/599151a2b90c1cd620933c992873c67a |
|---|
| المستخدم | c4ttr4ck (UID 75518) |
|---|
| ارسال | 26/04/2026 11:34 PM (1 شهر منذ) |
|---|
| الاعتدال | 24/05/2026 09:45 AM (27 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365427 [SourceCodester Simple POS and Inventory System 1.0 /admin/edit_customer.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|