PHPGurukul Park Ticketing Management System SQL Injection Vulnerability

A SQL injection vulnerability exists in the Park Ticketing Management System version 2.0, specifically within the normal-bwdates-reports-details.php file. This vulnerability allows remote attackers to execute arbitrary SQL code by manipulating the fromdate parameter in a POST request. The issue arises from inadequate input validation, enabling attackers to inject malicious SQL payloads that could be executed by the application's database.

Impact

Exploitation of this vulnerability could lead to unauthorized database access, allowing attackers to steal, alter, or delete sensitive data. Additionally, the vulnerability could be used to enumerate database structures, facilitating further attacks. Such actions could disrupt services, causing financial losses and damaging the organization's reputation.

Reproduction

To reproduce this vulnerability, log into the admin panel of the Park Ticketing Management System. Navigate to the 'Report' section and select 'Normal People Report.' Choose any date range in the fromdate and todate input fields. Intercept the request and modify the fromdate parameter to include a crafted SQL payload that exploits the application's SQL query handling. Forward the modified request and observe the response delay, which confirms the successful exploitation of the time-based blind SQL injection vulnerability.

Remediation

To address this vulnerability, it is recommended to sanitize and validate all user inputs, use prepared statements or parameterized queries to prevent SQL injection, and implement a Content Security Policy (CSP) to mitigate risks.