提交 #768181: code-projects simple flight booking system published February 14, 2026 SQL Injection信息

标题code-projects simple flight booking system published February 14, 2026 SQL Injection
描述Summary The vulnerability exists in multiple components of the Simple Flight Ticket Booking System due to improper input validation and unsafe SQL query construction. Several endpoints directly concatenate user-controlled input into SQL statements, leading to classic SQL Injection (SQLi) vulnerabilities. Root Cause The application fails to sanitize or parameterize user-controlled input passed into mysqli_query() calls across multiple files such as login.php, register.php, Adminadd.php, Adminupdate.php, Admindelete.php, Adminsearch.php, cartdelete.php, and pay.php. For example, in login.php: $username = $_POST['username']; $res = mysqli_query($conn, "SELECT * FROM passanger WHERE username='$username'"); User input is directly embedded into the SQL string without prepared statements or escaping, allowing attackers to manipulate the query structure. Reproduction Access the login page of the application. Send the following POST request to login.php: POST /flight booking/login.php Content-Type: application/x-www-form-urlencoded username=' UNION SELECT 'attacker','a','pwn','a','a','a','a','a','2020-01-01' -- -&pwd=pwn If successful, the application redirects to homepage.html, demonstrating authentication bypass via SQL Injection. Alternatively, a time-based proof can be triggered using: GET /flight booking/Adminsearch.php?flightno=' OR SLEEP(3) -- - If the response is delayed by approximately 3 seconds, the SQL Injection vulnerability is confirmed. Impact This vulnerability allows remote attackers to: Bypass authentication mechanisms. Extract sensitive database information. Insert, modify, or delete flight and booking records. Manipulate payment status records. Potentially escalate privileges via administrative endpoints. Overall, the SQL Injection flaws compromise the confidentiality, integrity, and availability of the entire booking system database.
来源⚠️ https://github.com/shenxianyuguitian/simple-flight-booking-SQL/tree/main
用户
 xuanyuesanshi (UID 88126)
提交2026-02-26 11時28分 (5 月前)
管理2026-03-07 21時43分 (9 days later)
状态重复
VulDB条目349654 [code-projects Simple Flight Ticket Booking System 1.0 /login.php 用户名 SQL注入]
积分0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!