Submit #236089: PHPGurukul Restaurant Table Booking System using PHP and MySQL 1.0 SQLI, XSS + insecure leakage

Title: PHPGurukul Restaurant Table Booking System using PHP and MySQL 1.0 SQLI, XSS + insecure leakage

Description: App can be downloaded at: https://phpgurukul.com/restaurant-table-booking-system-using-php-and-mysql/

SQLi via "%" injection: after booking a reservation, you can check for details, approval status, etc. at http://127.0.0.1/rtbs/check-status.php. If you enter a "%", it will leak all data on every user.

Also, when making a reservation on the main page (index.php), you can enter any XSS payload, i.e. <script>alert(1)</script>. This stored XSS will trigger when the administrator checks the reservation request (it needs to be approved/rejected), or as a self-XSS when you check your reservation, or maybe trigger if a hacker drops the "%" for the SQLi.

Finally, not sure if this is technically a CVE or just poor programming, but there's an IDOR when you check your reservation status. The information about the reservation will be found at: http://127.0.0.1/rtbs/booking-details.php?bid=3 (or whatever your number is). You can swap the number to 1, 2, etc. and see anyone's information without needing to know the booking reservation number.
User: scumdestroy (UID 48934)
Submission: 11/10/2023 00:18 (3 years ago)
Moderation: 11/10/2023 09:04 (9 hours later)
Status: Accepted
VulDB entry: 244945 [PHPGurukul Restaurant Table Booking System 1.0 Reservation Status booking-details.php bid information disclosure]
Points: 17
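The three findings in this submission share one root cause: user input reaching a query unbound, an object id trusted without an ownership check, and stored text echoed without encoding. The script below is an added example written for this entry, not code from the PHPGurukul project, and it shows the hardened shape of the two lookups (check-status.php and booking-details.php?bid=) from a defender's side. The table and column names (tblbooking, booking_ref, etc.), the idea that the original status check uses a LIKE pattern, and the session-stored booking reference used for the ownership check are all assumptions; the rows are constructed so the script runs offline against an in-memory SQLite database.

```php
<?php
// Added example (not the PHPGurukul project's code): hardened versions of the
// status check and booking-details lookup described in submission #236089.
// Table/column names and the session-based ownership check are assumptions.
declare(strict_types=1);

// Escape LIKE metacharacters so user input can never act as a wildcard. Only
// needed when a LIKE is genuinely required (pair it with ESCAPE '\' in the
// query); a status lookup should use an exact match instead, as below.
function escapeLikeWildcards(string $value): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $value);
}

// Status check: exact match on the booking reference, passed as a bound
// parameter, so "%" is an ordinary string that matches no row.
function findBookingByReference(PDO $pdo, string $reference): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, booking_ref, name, email, status FROM tblbooking WHERE booking_ref = :ref'
    );
    $stmt->execute([':ref' => $reference]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Detail page: the bid parameter is validated as a positive integer, bound to
// the query, and the row is returned only when the caller already proved
// knowledge of that booking's reference (kept in the session by the status
// check) or is an administrator. Swapping bid to another number yields nothing.
function findBookingDetails(PDO $pdo, $bidParam, ?string $sessionRef, bool $isAdmin): ?array
{
    $bid = filter_var($bidParam, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($bid === false) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT id, booking_ref, name, email, status FROM tblbooking WHERE id = :id'
    );
    $stmt->execute([':id' => $bid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    if (!$isAdmin && !hash_equals((string) $row['booking_ref'], (string) $sessionRef)) {
        return null;
    }
    return $row;
}

// Output encoding: stored values are rendered as text, so a saved <script>
// tag shows up as literal characters on both the admin and the user view.
function renderField(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- constructed sample data and a short demonstration ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblbooking (id INTEGER PRIMARY KEY, booking_ref TEXT, name TEXT, email TEXT, status TEXT)');
$ins = $pdo->prepare('INSERT INTO tblbooking (booking_ref, name, email, status) VALUES (?, ?, ?, ?)');
$ins->execute(['REF-1001', 'Alice Example', 'alice@example.test', 'Approved']);
$ins->execute(['REF-1002', '<script>alert(1)</script>', 'bob@example.test', 'Pending']);

// A bare "%" no longer enumerates every booking.
var_dump(findBookingByReference($pdo, '%'));
var_dump(findBookingByReference($pdo, 'REF-1001')['name']);

// bid=2 with Alice's session reference is refused; an admin sees it, encoded.
var_dump(findBookingDetails($pdo, '2', 'REF-1001', false));
echo renderField(findBookingDetails($pdo, '2', null, true)['name']), PHP_EOL;
```

The ownership check uses hash_equals rather than == so that comparing the reference is constant-time and type-strict; if the real application identifies visitors differently (for example by a logged-in user id), the same pattern applies with that value in place of the session-stored reference.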
