Отправить #768181: code-projects simple flight booking system published February 14, 2026 SQL InjectionИнформация

Названиеcode-projects simple flight booking system published February 14, 2026 SQL Injection
ОписаниеSummary The vulnerability exists in multiple components of the Simple Flight Ticket Booking System due to improper input validation and unsafe SQL query construction. Several endpoints directly concatenate user-controlled input into SQL statements, leading to classic SQL Injection (SQLi) vulnerabilities. Root Cause The application fails to sanitize or parameterize user-controlled input passed into mysqli_query() calls across multiple files such as login.php, register.php, Adminadd.php, Adminupdate.php, Admindelete.php, Adminsearch.php, cartdelete.php, and pay.php. For example, in login.php: $username = $_POST['username']; $res = mysqli_query($conn, "SELECT * FROM passanger WHERE username='$username'"); User input is directly embedded into the SQL string without prepared statements or escaping, allowing attackers to manipulate the query structure. Reproduction Access the login page of the application. Send the following POST request to login.php: POST /flight booking/login.php Content-Type: application/x-www-form-urlencoded username=' UNION SELECT 'attacker','a','pwn','a','a','a','a','a','2020-01-01' -- -&pwd=pwn If successful, the application redirects to homepage.html, demonstrating authentication bypass via SQL Injection. Alternatively, a time-based proof can be triggered using: GET /flight booking/Adminsearch.php?flightno=' OR SLEEP(3) -- - If the response is delayed by approximately 3 seconds, the SQL Injection vulnerability is confirmed. Impact This vulnerability allows remote attackers to: Bypass authentication mechanisms. Extract sensitive database information. Insert, modify, or delete flight and booking records. Manipulate payment status records. Potentially escalate privileges via administrative endpoints. Overall, the SQL Injection flaws compromise the confidentiality, integrity, and availability of the entire booking system database.
Источник⚠️ https://github.com/shenxianyuguitian/simple-flight-booking-SQL/tree/main
Пользователь
 xuanyuesanshi (UID 88126)
Представление26.02.2026 11:28 (5 месяцы назад)
Модерация07.03.2026 21:43 (9 days later)
СтатусДубликат
Запись VulDB349654 [code-projects Simple Flight Ticket Booking System 1.0 /login.php Имя пользователя SQL-инъекция]
Баллы0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!