Skip to content

Latest commit

 

History

History
49 lines (26 loc) · 1.27 KB

Online Flight Booking Management System review_search.md

File metadata and controls

49 lines (26 loc) · 1.27 KB
Online Flight Booking Management System review_search.php has SQLinject.md

Download the source code from

https://www.sourcecodester.com/php/15865/online-flight-booking-management-system-using-php-and-mysql-free-source-code.html

line: 9

The POST parameter txtsearch is received and assigned to $txtsearch

202301133_f.pic

line: 172-186

202301133_s.pic

 <?php   
          $event_query = $conn->query("select * from sub_event where event_name like '%$txtsearch%'") or die(mysql_error());
	 
           
     
     $menum_row = $event_query->rowcount();
        if( $menum_row > 0){ ?>
        <h3>Sub Events</h3>
        
        <?php 
        while ($event_row = $event_query->fetch()) 
        { 
             $search_mainevent_id=$event_row['mainevent_id'];
             $search_subevent_id=$event_row['subevent_id'];
            ?>

Because the string entered by the user is not filtered and the sql statements are spliced, the sql injection vulnerability is generated. It can cause serious harm to the system.

Use burpsuite for vulnerability verification:

202301133.pic

Use sqlmap for vulnerability verification:

202301133_sqlmap.pic