Invia #170042: SQL Injection Found in Phpgurukul's "Rail Pass Management System Project in PHP" v 1.0informazioni

TitoloSQL Injection Found in Phpgurukul's "Rail Pass Management System Project in PHP" v 1.0
DescrizioneIn version 1,0 of Phpgurukul's "Rail Pass Management System Project in PHP", there is a unauthenticated SQL injection vulnerability present. On the `/view-pass-detail.php` endpoint, there is a functionality to view and print your rail pass by entering it into the search box. The pass number is a nine-digit number that must be entered exactly for your pass to appear. After entering the correct number, you are given access to the pass owner's full name, e-mail address, trip details, Adhar card number (India's version of SSN), photo and more. However, no brute force is necessary, as all the data can be pulled due to insufficient sanitization. Typing into the text field for pass number at `/view-pass-detail.php` sends a POST request to `/download-pass.php` with the parameters "searchdata=<YOUR_INPUT>&search=" EXPLOIT: By simply entering a "%" symbol, the backend interprets it as a SQL wildcard and will dump all the rail tickets in the database, with links for each to see more information and print the ticket. The vulnerability is present in the "download-pass.php" file, with insufficient sanitization on line 60, when parsing `$sdata=$_POST['searchdata'];` The application's source is: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Thanks for reading!
Utente
 scumdestroy (UID 48934)
Sottomissione15/06/2023 13:09 (3 anni fa)
Moderazione15/06/2023 14:12 (1 hour later)
StatoAccettato
Voce VulDB231625 [PHPGurukul Rail Pass Management System 1.0 POST Request /view-pass-detail.php searchdata iniezione SQL]
Punti17

Do you want to use VulDB in your project?

Use the official API to access entries easily!