Enviar #170042: SQL Injection Found in Phpgurukul's "Rail Pass Management System Project in PHP" v 1.0información

TítuloSQL Injection Found in Phpgurukul's "Rail Pass Management System Project in PHP" v 1.0
DescripciónIn version 1,0 of Phpgurukul's "Rail Pass Management System Project in PHP", there is a unauthenticated SQL injection vulnerability present. On the `/view-pass-detail.php` endpoint, there is a functionality to view and print your rail pass by entering it into the search box. The pass number is a nine-digit number that must be entered exactly for your pass to appear. After entering the correct number, you are given access to the pass owner's full name, e-mail address, trip details, Adhar card number (India's version of SSN), photo and more. However, no brute force is necessary, as all the data can be pulled due to insufficient sanitization. Typing into the text field for pass number at `/view-pass-detail.php` sends a POST request to `/download-pass.php` with the parameters "searchdata=<YOUR_INPUT>&search=" EXPLOIT: By simply entering a "%" symbol, the backend interprets it as a SQL wildcard and will dump all the rail tickets in the database, with links for each to see more information and print the ticket. The vulnerability is present in the "download-pass.php" file, with insufficient sanitization on line 60, when parsing `$sdata=$_POST['searchdata'];` The application's source is: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Thanks for reading!
Usuario
 scumdestroy (UID 48934)
Sumisión2023-06-15 13:09 (hace 3 años)
Moderación2023-06-15 14:12 (1 hour later)
EstadoAceptado
Entrada de VulDB231625 [PHPGurukul Rail Pass Management System 1.0 POST Request /view-pass-detail.php searchdata inyección SQL]
Puntos17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!