| タイトル | SourceCodester Ship/Ferry Ticket Reservation System 1.0 SQL Injection |
|---|
| 説明 | A SQL Injection vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper sanitization of user-supplied input within the authentication mechanism. The application fails to properly validate and neutralize malicious SQL syntax in login parameters, allowing attackers to manipulate backend SQL queries during authentication.
During security testing, it was observed that crafted SQL payloads supplied to authentication parameters could alter the intended query logic and bypass credential validation. By injecting malicious SQL syntax into the login functionality, an attacker can successfully authenticate without possessing valid credentials. The vulnerability affects the application's authentication mechanism and permits unauthorized access through SQL query manipulation.
Successful exploitation of this vulnerability results in authentication bypass and unauthorized access to the administrative panel without valid credentials. During testing, it was confirmed that a crafted SQL Injection payload successfully authenticated the attacker as an administrative user, granting access to privileged administrative functionality. An attacker may gain access to sensitive operational information, administrative modules, and critical application functionality, potentially leading to privilege escalation and full compromise of the application's integrity, confidentiality, and security. |
|---|
| ソース | ⚠️ https://medium.com/@hemantrajbhati5555/sql-injection-in-authentication-mechanism-leads-to-authentication-bypass-65177ce7a41c |
|---|
| ユーザー | Hemant Raj Bhati (UID 95613) |
|---|
| 送信 | 2026年05月17日 10:42 (20 日 ago) |
|---|
| モデレーション | 2026年06月04日 17:37 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 368367 [SourceCodester Ship Ferry Ticket Reservation System 迄 1.0 Admin Login /admin/login.php ユーザー名 SQLインジェクション] |
|---|
| ポイント | 20 |
|---|