Enviar #768181: code-projects simple flight booking system published February 14, 2026 SQL Injectioninformación

Títulocode-projects simple flight booking system published February 14, 2026 SQL Injection
DescripciónSummary The vulnerability exists in multiple components of the Simple Flight Ticket Booking System due to improper input validation and unsafe SQL query construction. Several endpoints directly concatenate user-controlled input into SQL statements, leading to classic SQL Injection (SQLi) vulnerabilities. Root Cause The application fails to sanitize or parameterize user-controlled input passed into mysqli_query() calls across multiple files such as login.php, register.php, Adminadd.php, Adminupdate.php, Admindelete.php, Adminsearch.php, cartdelete.php, and pay.php. For example, in login.php: $username = $_POST['username']; $res = mysqli_query($conn, "SELECT * FROM passanger WHERE username='$username'"); User input is directly embedded into the SQL string without prepared statements or escaping, allowing attackers to manipulate the query structure. Reproduction Access the login page of the application. Send the following POST request to login.php: POST /flight booking/login.php Content-Type: application/x-www-form-urlencoded username=' UNION SELECT 'attacker','a','pwn','a','a','a','a','a','2020-01-01' -- -&pwd=pwn If successful, the application redirects to homepage.html, demonstrating authentication bypass via SQL Injection. Alternatively, a time-based proof can be triggered using: GET /flight booking/Adminsearch.php?flightno=' OR SLEEP(3) -- - If the response is delayed by approximately 3 seconds, the SQL Injection vulnerability is confirmed. Impact This vulnerability allows remote attackers to: Bypass authentication mechanisms. Extract sensitive database information. Insert, modify, or delete flight and booking records. Manipulate payment status records. Potentially escalate privileges via administrative endpoints. Overall, the SQL Injection flaws compromise the confidentiality, integrity, and availability of the entire booking system database.
Fuente⚠️ https://github.com/shenxianyuguitian/simple-flight-booking-SQL/tree/main
Usuario
 xuanyuesanshi (UID 88126)
Sumisión2026-02-26 11:28 (hace 5 meses)
Moderación2026-03-07 21:43 (9 days later)
EstadoDuplicado
Entrada de VulDB349654 [code-projects Simple Flight Ticket Booking System 1.0 /login.php Nombre de usuario inyección SQL]
Puntos0

Do you want to use VulDB in your project?

Use the official API to access entries easily!