| Field | Value |
|---|---|
| Title | SourceCodester Ship/Ferry Ticket Reservation System 1.0 SQL Injection |
| Description | A SQL injection vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 because user-supplied input to the authentication mechanism is not sanitized. The admin login form (the username parameter of /admin/login.php) does not validate or neutralize SQL syntax, so an attacker can alter the query the application runs while checking credentials. During testing, a crafted SQL payload supplied through the login parameter changed the intended query logic, bypassed credential validation, and authenticated the tester as an administrative user without valid credentials. Successful exploitation therefore gives an attacker who holds no account access to the administrative panel, its privileged modules and the operational data behind them, which can lead to privilege escalation and full compromise of the application's confidentiality and integrity. |
| Source | https://medium.com/@hemantrajbhati5555/sql-injection-in-authentication-mechanism-leads-to-authentication-bypass-65177ce7a41c |
| User | Hemant Raj Bhati (UID 95613) |
| Submitted | 2026-05-17 10:42 AM (25 days ago) |
| Moderated | 2026-06-04 05:37 PM (18 days later) |
| Status | Accepted |
| VulDB Entry | 368367 [SourceCodester Ship Ferry Ticket Reservation System up to 1.0 Admin Login /admin/login.php username sql injection] |
| Points | 20 |
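The authentication bypass described in the entry, as an added example. This is not code from the application or from the report, and the report does not publish the payload it used; the payloads below are the standard illustrative ones. The model is written in Python against an in-memory SQLite table (the real application is PHP with a database back end, whose schema is not shown on this page), so the table name, columns and sample accounts are constructed for the example. It places the vulnerable string-concatenated query beside the parameterized fix and shows that the same input authenticates against the first and fails against the second.

```python
import sqlite3

# Constructed sample accounts for the demo; not the application's real schema or data.
SEED_USERS = [("admin", "S3cret!"), ("clerk", "ferry2024")]


def make_db():
    """Build an in-memory users table (assumed layout, for demonstration only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", SEED_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The flawed pattern: raw request input pasted into the SQL text."""
    return (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )


def login_vulnerable(conn, username, password):
    """Return the authenticated username or None. Input is parsed as SQL."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Parameterized query: the driver binds input as data, so quotes and OR are inert."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Illustrative payloads for the username field (assumed; the report does not
# publish the exact one it used).
#  - BYPASS_ANY turns the WHERE clause into
#      username = 'x' OR 1=1 OR 'y' AND password = '...'
#    which is true for every row, so the first account (admin) is returned.
#  - BYPASS_ADMIN turns it into
#      username = 'admin' OR 'a'='a' AND password = '...'
#    the injected quote completes the predicate username = 'admin' on its own;
#    the password comparison is pushed into an OR branch that never has to hold.
BYPASS_ANY = "x' OR 1=1 OR 'y"
BYPASS_ADMIN = "admin' OR 'a'='a"

if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query(BYPASS_ADMIN, "wrong"))
    print("vulnerable:", login_vulnerable(db, BYPASS_ADMIN, "wrong"))
    print("fixed:     ", login_fixed(db, BYPASS_ADMIN, "wrong"))
```

The fixed function is the whole remediation: with a bound parameter the database receives the username as a single string value, so the attacker-controlled quote never terminates a literal and no new predicate is created. In the PHP the application is written in, the equivalent is a prepared statement through PDO or mysqli with the login fields bound as parameters; escaping or filtering the input is not a substitute, because the query text is still assembled from it.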