Authentication Bypass — PARK TICKETING MANAGEMENT SYSTEM (Phpgurukul)

Shiva Kumar M V
Jan 25, 2023

# Exploit Title: PARK TICKETING MANAGEMENT SYSTEM — SQL Injection Vulnerability.
# Date: 25-01-2023
# Exploit Author: Venkata Siva Kumar Medituru
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/
# Vulnerable Parameter : User Name
# Version: 1.0
# Tested on: Windows 10
# Contact: https://www.linkedin.com/in/shivakumar-m-v/

SQL injection is a technique used to exploit authentication pages: an intruder can get into the dashboard without any valid credentials. The perpetrator may enumerate user names, personal information and application functionality; in other words, complete account takeover is possible.

The reproduction steps are given in the video PoC.

Mitigations

01) Configure a web application firewall to recognize the various SQL injection payloads and to ignore / drop the malicious requests crafted by the perpetrator.

02) Implement input validation and parameterized queries, including prepared statements.

03) Limit verbose error messages in responses so that an attacker is not able to figure out how to bypass the implemented controls.
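Mitigations 02 and 03 applied to a login check, as an added example that is not the application's own code. The `admin_users` table, its columns, the `login()` function and the in-memory SQLite database (standing in for MySQL so the example runs offline) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo data: an in-memory SQLite table stands in for the MySQL
// admin table; the table and column names are hypothetical.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin_users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO admin_users (username, pass_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('S3cure-demo-pass', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user id on success, null on any failure.
function login(PDO $pdo, string $username, string $password): ?int
{
    // Mitigation 02, input validation: accept only the expected username shape.
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $username)) {
        return null;
    }
    try {
        // Mitigation 02, prepared statement: the username is bound as data
        // and can never change the text of the SQL statement.
        $stmt = $pdo->prepare('SELECT id, pass_hash FROM admin_users WHERE username = :u');
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Mitigation 03: details go to the server log, never to the response.
        error_log('login query failed: ' . $e->getMessage());
        return null;
    }
    // The password is checked in PHP against a stored hash, not inside the query.
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

$pdo = demo_db();
// Constructed inputs: a valid login, a wrong password, and a username
// containing a quote character, which fails validation and is never queried.
$cases = [['admin', 'S3cure-demo-pass'], ['admin', 'wrong'], ["o'neil", 'x']];
foreach ($cases as [$u, $p]) {
    $id = login($pdo, $u, $p);
    echo str_pad($u, 12), $id === null ? 'Invalid username or password' : "ok (id $id)", PHP_EOL;
}
```

Every failure path returns the same generic message, so the response does not reveal whether the username, the password or the query itself was the problem.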

Shiva Kumar M V

Information Security Consultant, Vulnerability Researcher and Pen tester.