| タイトル | SourceCodester POS Inventory System 1.0 SQL Iiinjection + IDOR + Weak Passw ord Hashing |
|---|
| 説明 | A chained vulnerability combining SQL Injection, Insecure Direct Object Reference (IDOR), and weak password hashing was discovered in the customer and supplier edit functionality of POS Inventory System Using PHP version 1.0.
SQL Injection: Both edit_customer.php and edit_supplier.php concatenate the id GET parameter and all POST parameters directly into SQL UPDATE queries:
$id = $_GET['id'];
$username = $_POST['username'];
$password = $_POST['password'];
mysqli_query($conn, "update user set username='$username', password='$pass' where userid='$id'");
IDOR: The application fails to verify if the id parameter matches the authenticated user's session. Any authenticated user can supply id=1 to modify the administrator's credentials.
Weak Hashing: The system uses MD5 without salt for password storage, making it vulnerable to offline rainbow table attacks. Additionally, a critical logic bug always triggers the MD5 hash even when it should store the current password. |
|---|
| ソース | ⚠️ https://gist.github.com/c4ttr4ck/599151a2b90c1cd620933c992873c67a |
|---|
| ユーザー | c4ttr4ck (UID 75518) |
|---|
| 送信 | 2026年04月26日 23:34 (1 月 ago) |
|---|
| モデレーション | 2026年05月24日 09:45 (27 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 365427 [SourceCodester Simple POS and Inventory System 1.0 /admin/edit_customer.php 識別子 SQLインジェクション] |
|---|
| ポイント | 20 |
|---|