| 제목 | code-projects simple flight booking system published February 14, 2026 SQL Injection |
|---|
| 설명 | Summary
The vulnerability exists in multiple components of the Simple Flight Ticket Booking System due to improper input validation and unsafe SQL query construction. Several endpoints directly concatenate user-controlled input into SQL statements, leading to classic SQL Injection (SQLi) vulnerabilities.
Root Cause
The application fails to sanitize or parameterize user-controlled input passed into mysqli_query() calls across multiple files such as login.php, register.php, Adminadd.php, Adminupdate.php, Admindelete.php, Adminsearch.php, cartdelete.php, and pay.php.
For example, in login.php:
$username = $_POST['username'];
$res = mysqli_query($conn, "SELECT * FROM passanger WHERE username='$username'");
User input is directly embedded into the SQL string without prepared statements or escaping, allowing attackers to manipulate the query structure.
Reproduction
Access the login page of the application.
Send the following POST request to login.php:
POST /flight booking/login.php
Content-Type: application/x-www-form-urlencoded
username=' UNION SELECT 'attacker','a','pwn','a','a','a','a','a','2020-01-01' -- -&pwd=pwn
If successful, the application redirects to homepage.html, demonstrating authentication bypass via SQL Injection.
Alternatively, a time-based proof can be triggered using:
GET /flight booking/Adminsearch.php?flightno=' OR SLEEP(3) -- -
If the response is delayed by approximately 3 seconds, the SQL Injection vulnerability is confirmed.
Impact
This vulnerability allows remote attackers to:
Bypass authentication mechanisms.
Extract sensitive database information.
Insert, modify, or delete flight and booking records.
Manipulate payment status records.
Potentially escalate privileges via administrative endpoints.
Overall, the SQL Injection flaws compromise the confidentiality, integrity, and availability of the entire booking system database. |
|---|
| 원천 | ⚠️ https://github.com/shenxianyuguitian/simple-flight-booking-SQL/tree/main |
|---|
| 사용자 | xuanyuesanshi (UID 88126) |
|---|
| 제출 | 2026. 02. 26. AM 11:28 (5 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 07. PM 09:43 (9 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 349654 [code-projects Simple Flight Ticket Booking System 1.0 /login.php 사용자 이름 SQL 주입] |
|---|
| 포인트들 | 0 |
|---|