| 标题 | SourceCodester Ship/Ferry Ticket Reservation System 1.0 SQL Injection |
|---|
| 描述 | A SQL Injection vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper sanitization of user-supplied input within the authentication mechanism. The application fails to properly validate and neutralize malicious SQL syntax in login parameters, allowing attackers to manipulate backend SQL queries during authentication.
During security testing, it was observed that crafted SQL payloads supplied to authentication parameters could alter the intended query logic and bypass credential validation. By injecting malicious SQL syntax into the login functionality, an attacker can successfully authenticate without possessing valid credentials. The vulnerability affects the application's authentication mechanism and permits unauthorized access through SQL query manipulation.
Successful exploitation of this vulnerability results in authentication bypass and unauthorized access to the administrative panel without valid credentials. During testing, it was confirmed that a crafted SQL Injection payload successfully authenticated the attacker as an administrative user, granting access to privileged administrative functionality. An attacker may gain access to sensitive operational information, administrative modules, and critical application functionality, potentially leading to privilege escalation and full compromise of the application's integrity, confidentiality, and security. |
|---|
| 来源 | ⚠️ https://medium.com/@hemantrajbhati5555/sql-injection-in-authentication-mechanism-leads-to-authentication-bypass-65177ce7a41c |
|---|
| 用户 | Hemant Raj Bhati (UID 95613) |
|---|
| 提交 | 2026-05-17 10時42分 (21 日前) |
|---|
| 管理 | 2026-06-04 17時37分 (18 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 368367 [SourceCodester Ship Ferry Ticket Reservation System 直到 1.0 Admin Login /admin/login.php 用户名 SQL注入] |
|---|
| 积分 | 20 |
|---|