Online Flight Booking Management System judge_panel.php has SQLinject.md

Download the source code from

https://www.sourcecodester.com/php/15865/online-flight-booking-management-system-using-php-and-mysql-free-source-code.html

(screenshot: 20230113.pic)

line: 5 - 24

```php
<?php
error_reporting(0);
include('header2.php');
include('session.php');
// All four values come straight from the query string, unvalidated.
$judge_ctr=$_GET['judge_ctr'];
$subevent_id=$_GET['subevent_id'];
$getContestant_id=$_GET['contestant_id'];
$pageStat=$_GET['pStat'];

?>

<?php
// Injection point: $subevent_id is spliced directly into the SQL string.
$event_query = $conn->query("select * from sub_event where subevent_id='$subevent_id'") or die(mysql_error());
while ($event_row = $event_query->fetch())
{ ?>

    <?php
    $se_MEidxx=$event_row['mainevent_id'];
    $se_namexx=$event_row['event_name'];
    $se_statusxx=$event_row['status'];
    ?>
```

Because the user-supplied `subevent_id` parameter is not filtered or parameterised and is concatenated directly into the SQL statement, a SQL injection vulnerability results. It can cause serious harm to the system.
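A hardened version of the same `judge_panel.php` fragment, added here as an example and not taken from the project: it validates `subevent_id` as an integer and binds it as a parameter instead of splicing it into the query. It assumes `$conn` is the PDO connection that `session.php` creates.

```php
<?php
// Added example (not the project's code): parameterised rewrite of the
// vulnerable fragment above. Assumes $conn is a PDO instance from session.php.
include('header2.php');
include('session.php');

// Surface database errors as exceptions and use real server-side prepares.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Validate before the value gets anywhere near SQL: sub_event ids are assumed
// here to be positive integers, so anything else is rejected with a 400.
$subevent_id = filter_input(
    INPUT_GET, 'subevent_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]
);
if ($subevent_id === false || $subevent_id === null) {
    http_response_code(400);
    exit('Invalid subevent_id');
}

// Bind the value as a typed parameter; the database never sees it as SQL text,
// so a payload such as ' OR '1'='1 is just an (invalid) integer that was
// already rejected above. The same pattern applies to judge_ctr, contestant_id
// and pStat if they are ever used in queries.
$stmt = $conn->prepare(
    'SELECT mainevent_id, event_name, status FROM sub_event WHERE subevent_id = :id'
);
$stmt->bindValue(':id', $subevent_id, PDO::PARAM_INT);
$stmt->execute();

while ($event_row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $se_MEidxx   = $event_row['mainevent_id'];
    $se_namexx   = $event_row['event_name'];
    $se_statusxx = $event_row['status'];
    // Stored values may themselves be attacker-controlled, so escape on output.
    echo htmlspecialchars($se_namexx, ENT_QUOTES, 'UTF-8');
}
?>
```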

Vulnerability verification with Burp Suite:

(screenshot: 202301131.pic)

Vulnerability verification with sqlmap:

(screenshot: 202301132.pic)