| عنوان | SourceCodester Ship/Ferry Ticket Reservation System 1.0 SQL Injection |
|---|
| الوصف | A SQL Injection vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper sanitization of user-supplied input within the authentication mechanism. The application fails to properly validate and neutralize malicious SQL syntax in login parameters, allowing attackers to manipulate backend SQL queries during authentication.
During security testing, it was observed that crafted SQL payloads supplied to authentication parameters could alter the intended query logic and bypass credential validation. By injecting malicious SQL syntax into the login functionality, an attacker can successfully authenticate without possessing valid credentials. The vulnerability affects the application's authentication mechanism and permits unauthorized access through SQL query manipulation.
Successful exploitation of this vulnerability results in authentication bypass and unauthorized access to the administrative panel without valid credentials. During testing, it was confirmed that a crafted SQL Injection payload successfully authenticated the attacker as an administrative user, granting access to privileged administrative functionality. An attacker may gain access to sensitive operational information, administrative modules, and critical application functionality, potentially leading to privilege escalation and full compromise of the application's integrity, confidentiality, and security. |
|---|
| المصدر | ⚠️ https://medium.com/@hemantrajbhati5555/sql-injection-in-authentication-mechanism-leads-to-authentication-bypass-65177ce7a41c |
|---|
| المستخدم | Hemant Raj Bhati (UID 95613) |
|---|
| ارسال | 17/05/2026 10:42 AM (21 أيام منذ) |
|---|
| الاعتدال | 04/06/2026 05:37 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 368367 [SourceCodester Ship Ferry Ticket Reservation System حتى 1.0 Admin Login /admin/login.php أسم المستخدم حقن SQL] |
|---|
| النقاط | 20 |
|---|