Bus Reservation System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Bus Reservation System version 1.1. The issue resides in the 'pickup_id' parameter, allowing attackers to manipulate database queries. This vulnerability can be exploited using boolean-based, error-based, and time-based blind SQL injection techniques, potentially leading to unauthorized data access from the database.

Impact

Successful exploitation lets attackers manipulate database queries to extract, modify, or delete database information.

Reproduction

To reproduce this vulnerability, send a request to the application with a SQL injection payload in the 'pickup_id' parameter. This can be done using a tool like Burp Suite or manually through a web browser. The application will return a database error message, indicating that the SQL injection was successful.
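
The root cause described above, shown next to its fix, as an added example that is not code from Bus Reservation System or from this advisory. It assumes a hypothetical pickup_points table in an in-memory SQLite database, and the function names are illustrative.

```python
import sqlite3

def make_db():
    # Constructed sample data; the real schema is not shown in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pickup_points (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO pickup_points VALUES (?, ?)",
        [(1, "Central Station"), (2, "Airport"), (3, "Harbour")],
    )
    return db

def lookup_concatenated(db, pickup_id):
    # Flawed pattern: the request value becomes part of the SQL text,
    # so the database parses it as query syntax.
    sql = "SELECT name FROM pickup_points WHERE id = " + pickup_id
    return [row[0] for row in db.execute(sql)]

def parse_pickup_id(raw):
    # Allow-list validation: ASCII digits only, bounded length.
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("pickup_id must be a non-negative integer")
    return int(raw)

def lookup_parameterized(db, pickup_id):
    # Hardened pattern: validate first, then bind the value as data.
    value = parse_pickup_id(pickup_id)
    cur = db.execute("SELECT name FROM pickup_points WHERE id = ?", (value,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed boolean-style input
    print(lookup_concatenated(db, "1"))
    print(lookup_concatenated(db, tampered))
    print(lookup_parameterized(db, "1"))
    try:
        lookup_parameterized(db, tampered)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the malformed value with a generic error, rather than echoing the database error to the client, also removes the error-based feedback channel the advisory mentions.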

Added: Dec 15, 2025, 9:22 PM
Updated: Dec 15, 2025, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.