The vulnerability in SourceCodester Train Station Ticketing System 1.0 resides in the `/ajax.php?action=save_ticket` endpoint. This script concatenates user-supplied input directly into an SQL query without adequate sanitization. An attacker can exploit this by sending crafted payloads in the parameters posted to this endpoint. For instance, by placing an SQL meta-character such as a single quote (`'`) followed by SQL syntax into a field such as `passenger_name`, the attacker can alter the structure of the underlying database query. This allows extraction, modification, or deletion of database contents. Because the attack can be performed remotely without authentication, it poses a significant risk to the integrity and confidentiality of the application's database.
Platform: SourceCodester Ticketing System
Version: 1.0
Vulnerability: SQL Injection
Severity: Medium
Date: 11/18/2025
Prediction: Patch expected Q1 2026
What Undercode Says:
`curl -X POST -d "passenger_name=test' OR '1'='1" http://target/ajax.php?action=save_ticket`
`sqlmap -u "http://target/ajax.php?action=save_ticket" --data="passenger_name=test" --risk=3 --level=5`
`'+UNION+SELECT+1,user(),3,4,5--+-`
How it is exploited:
Remote unauthenticated SQLi.
Public exploit available.
Manipulates `save_ticket` parameters.
Protection from this CVE
Input sanitization required.
Use parameterized queries.
Deploy WAF rules.
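As an added illustration (not the project's actual code), the following PHP places the concatenation pattern the advisory describes for `save_ticket` beside a hardened handler that uses a PDO prepared statement and rejects unauthenticated writes. The table and column names (`tickets`, `passenger_name`), the `$_SESSION['user_id']` check, the connection string and the credentials are assumptions.

```php
<?php
// Added example: hypothetical save_ticket handler, not the project's code.
// Table/column names, session layout and DB credentials are assumptions.

// VULNERABLE pattern (as described in the advisory): input concatenated into SQL.
function save_ticket_vulnerable(PDO $pdo, array $post): int
{
    $name = $post['passenger_name'] ?? '';
    // A single quote in $name closes the string literal and the rest of the
    // value is parsed as SQL, which is exactly the flaw described above.
    $sql = "INSERT INTO tickets (passenger_name) VALUES ('" . $name . "')";
    return $pdo->exec($sql);
}

// HARDENED: prepared statement; the value is bound as data, never parsed as SQL.
function save_ticket_safe(PDO $pdo, array $post): int
{
    // Require an authenticated session before accepting any write (assumed layout).
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        return 0;
    }

    $name = trim((string)($post['passenger_name'] ?? ''));

    // Validate shape before touching the database: non-empty and bounded length.
    if ($name === '' || mb_strlen($name) > 100) {
        http_response_code(400);
        return 0;
    }

    $stmt = $pdo->prepare("INSERT INTO tickets (passenger_name) VALUES (:name)");
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

// Connection with emulated prepares disabled so binding happens server-side.
// DSN and credentials below are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=ticketing_db', 'db_user', 'db_pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

session_start();
if (($_GET['action'] ?? '') === 'save_ticket') {
    echo save_ticket_safe($pdo, $_POST);
}
```

With `ATTR_EMULATE_PREPARES` disabled, the MySQL driver sends the statement and the bound value separately, so a quote in `passenger_name` can never change the query structure.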
Impact:
Database information disclosure.
Possible data manipulation.
Loss of data integrity.
Sources:
Reported By: nvd.nist.gov

