| शीर्षक | code-projects Interview Management 1.0 SQL Injection + Missing Authentication |
|---|
| विवरण | A SQL Injection vulnerability combined with a missing authentication check was discovered in the deletion functionality of Interview Management System in PHP version 1.0.
Missing Authentication: The file delete.php does not include any session verification before processing requests. While other pages in the application check for a valid login session, delete.php directly instantiates the Delete class and acts on GET parameters without requiring authentication:
<?php
include ("inc/classes/Delete.php");
$delete = new Delete();
if (isset($_GET['action']) and $_GET['action'] == 'questiondelete') {
$delete->deleteQuestion();
}
if (isset($_GET['action']) and $_GET['action'] == 'deletecand') {
$delete->deleteCandidate();
}
?>
SQL Injection: Inside the Delete class, the GET parameter id is directly concatenated into DELETE queries. Although the application uses PDO, the variable is already interpolated into the query string before prepare() is called, making the prepared statement ineffective as a protection mechanism:
public function deleteQuestion(){
$question_id = $_GET['id'];
$sql = "DELETE FROM reports WHERE question_id = $question_id";
$query = $this->db->simplequerywithoutcondition($sql);
$sql = "DELETE FROM questions WHERE question_id = $question_id";
$query = $this->db->simplequerywithoutcondition($sql);
}
public function deleteCandidate(){
$cand_id = $_GET['id'];
$sql = "DELETE FROM reports WHERE cand_id = $cand_id";
$sql = "DELETE FROM comments WHERE cand_id = $cand_id";
$sql = "DELETE FROM candidates WHERE cand_id = $cand_id";
}
An unauthenticated attacker can inject into the id parameter to delete all records in the reports, questions, candidates, and comments tables. |
|---|
| स्रोत | ⚠️ https://gist.github.com/c4ttr4ck/6270bf630365b64d35a0acc48cbf5b12 |
|---|
| उपयोगकर्ता | c4ttr4ck (UID 75518) |
|---|
| सबमिशन | 02/06/2026 08:19 PM (1 महीना पहले) |
|---|
| संयम | 03/07/2026 08:33 PM (1 month later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 208135 [janobe Interview Management System 1.0 delete.php?action=questiondelete पहचान SQL इंजेक्शन] |
|---|
| अंक | 0 |
|---|