Submit #595346: SourceCodester Online-Funding-Management-System-PHP-Project 1.0 SQL Injectioninfo

TitleSourceCodester Online-Funding-Management-System-PHP-Project 1.0 SQL Injection
DescriptionA critical SQL injection vulnerability exists in the Online Funding Management System (v1.0) within the members/fundDetails.php page. The m06 GET parameter is susceptible to time-based blind SQL injection due to insufficient input sanitization, enabling attackers to inject malicious SQL code and enumerate database information, such as schema and table counts. The provided payload exploits MySQL’s SLEEP() function to induce a measurable response delay, confirming the vulnerability. This flaw risks unauthorized access to sensitive data, including user credentials and financial records. Vulnerability Details Type: SQL Injection Severity: Critical Affected Component: members/fundDetails.php Affected URL: http://localhost/management_system/members/fundDetails.php?m06=test'%20AND%20IF((SELECT%20COUNT(*)%20FROM%20information_schema.tables%20WHERE%20table_schema=DATABASE())%20%3E%2010,%20SLEEP(5),%200)%20AND%20'abc'%3D'abc Vulnerable Parameter: m06
Source⚠️ https://gist.github.com/0xCaptainFahim/86a679533ca293c98be5ab91b76b213f
User
 0xCaptainFahim (UID 86447)
Submission06/11/2025 11:15 (10 months ago)
Moderation06/19/2025 12:49 (8 days later)
StatusAccepted
VulDB entry313341 [SourceCodester Advance Charity Management System 1.0 /members/fundDetails.php m06 sql injection]
Points20

PreviousOverviewNext