| 제목 | SourceCodester POS Inventory System 1.0 SQL Iiinjection + IDOR + Weak Passw ord Hashing |
|---|
| 설명 | A chained vulnerability combining SQL Injection, Insecure Direct Object Reference (IDOR), and weak password hashing was discovered in the customer and supplier edit functionality of POS Inventory System Using PHP version 1.0.
SQL Injection: Both edit_customer.php and edit_supplier.php concatenate the id GET parameter and all POST parameters directly into SQL UPDATE queries:
$id = $_GET['id'];
$username = $_POST['username'];
$password = $_POST['password'];
mysqli_query($conn, "update user set username='$username', password='$pass' where userid='$id'");
IDOR: The application fails to verify if the id parameter matches the authenticated user's session. Any authenticated user can supply id=1 to modify the administrator's credentials.
Weak Hashing: The system uses MD5 without salt for password storage, making it vulnerable to offline rainbow table attacks. Additionally, a critical logic bug always triggers the MD5 hash even when it should store the current password. |
|---|
| 원천 | ⚠️ https://gist.github.com/c4ttr4ck/599151a2b90c1cd620933c992873c67a |
|---|
| 사용자 | c4ttr4ck (UID 75518) |
|---|
| 제출 | 2026. 04. 26. PM 11:34 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 24. AM 09:45 (27 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 365427 [SourceCodester Simple POS and Inventory System 1.0 /admin/edit_customer.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|