| Titel | SourceCodester POS Inventory System 1.0 SQL Iiinjection + IDOR + Weak Passw ord Hashing |
|---|
| Beschreibung | A chained vulnerability combining SQL Injection, Insecure Direct Object Reference (IDOR), and weak password hashing was discovered in the customer and supplier edit functionality of POS Inventory System Using PHP version 1.0.
SQL Injection: Both edit_customer.php and edit_supplier.php concatenate the id GET parameter and all POST parameters directly into SQL UPDATE queries:
$id = $_GET['id'];
$username = $_POST['username'];
$password = $_POST['password'];
mysqli_query($conn, "update user set username='$username', password='$pass' where userid='$id'");
IDOR: The application fails to verify if the id parameter matches the authenticated user's session. Any authenticated user can supply id=1 to modify the administrator's credentials.
Weak Hashing: The system uses MD5 without salt for password storage, making it vulnerable to offline rainbow table attacks. Additionally, a critical logic bug always triggers the MD5 hash even when it should store the current password. |
|---|
| Quelle | ⚠️ https://gist.github.com/c4ttr4ck/599151a2b90c1cd620933c992873c67a |
|---|
| Benutzer | c4ttr4ck (UID 75518) |
|---|
| Einreichung | 26.04.2026 23:34 (vor 1 Monat) |
|---|
| Moderieren | 24.05.2026 09:45 (27 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 365427 [SourceCodester Simple POS and Inventory System 1.0 /admin/edit_customer.php ID SQL Injection] |
|---|
| Punkte | 20 |
|---|