## Critical Vulnerability Information

### Affected Product

- Train Station Ticketing System Project

### Vendor Homepage

- [https://www.sourcecodester.com/php/14572/train-station-ticketing-system-using-phpmysql-source-code.html](https://www.sourcecodester.com/php/14572/train-station-ticketing-system-using-phpmysql-source-code.html)

### Affected/Fixed Version

- V1.0

### Software Link

- [https://www.sourcecodester.com/download-code?nid=14572&title=Train+Station+Ticketing+System+using+PHP%2FMySQL+with+Source+Code](https://www.sourcecodester.com/download-code?nid=14572&title=Train+Station+Ticketing+System+using+PHP%2FMySQL+with+Source+Code)

### Vulnerability Type

- SQL Injection

### Root Cause

- In the file `/ajax.php?action=save_ticket`, insufficient validation of the `price[1]` parameter allows for SQL injection. Attackers can inject malicious SQL code, enabling them to manipulate SQL queries and perform unauthorized operations.

### Impact

- Exploiting this SQL injection vulnerability allows attackers to gain unauthorized access to the database, leading to sensitive data exposure, data tampering, system compromise, and service disruption, posing a severe threat to system security and business continuity.

### Description

- During a security review of the "Train Station Ticketing System Project PHP", a critical SQL injection vulnerability was discovered in the file `/ajax.php?action=save_ticket`. The vulnerability stems from inadequate user input validation for the `price[1]` parameter, allowing attackers to inject malicious SQL queries.

### Vulnerability Details and POC

#### Vulnerability Alias

- `price[1]` parameter

#### Payload

```
origin_station=2&destination_id=3&pax[1]=2&price[1]=15.00' AND (SELECT 3817 FROM (SELECT(SLEEP(5))))g3]=13.00&total_amount=82
```

### Recommended Remediation

1. **Use Prepared Statements and Parameter Binding**:
   - Prepared statements prevent SQL injection by separating SQL code from user input data. When using prepared statements, user-supplied values are treated as plain data and not interpreted as SQL code.
2. **Input Validation and Filtering**:
   - Strictly validate and filter user input to ensure it conforms to expected formats.
3. **Minimize Database User Privileges**:
   - Ensure that database connection accounts have only the minimum necessary privileges. Avoid using accounts with elevated privileges (such as root or admin) for routine operations.
4. **Regular Security Audits**:
   - Conduct regular code and system security audits to promptly identify and remediate potential security vulnerabilities.
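As an added illustration (not code from the project itself), the hypothetical `save_ticket` handler below shows the string-concatenation pattern behind this class of bug next to the validate-then-bind form that items 1 and 2 above recommend; the `tickets` table and its column names are assumptions.

```php
<?php
// Added example, not the project's code. Assumed schema: a `tickets` table
// with columns origin_station, destination_id, pax, price, total_amount.

// VULNERABLE PATTERN: the per-passenger price is interpolated into the SQL
// string, so a value such as 15.00' AND ... is parsed and executed as SQL.
function save_ticket_vulnerable(mysqli $db, array $post): bool {
    $price = $post['price'][1];          // untrusted, unvalidated
    $sql = "INSERT INTO tickets (origin_station, destination_id, pax, price, total_amount)
            VALUES ('{$post['origin_station']}', '{$post['destination_id']}',
                    '{$post['pax'][1]}', '$price', '{$post['total_amount']}')";
    return $db->query($sql) !== false;
}

// HARDENED: validate every field against its expected format, then bind it
// as a parameter so the database never parses user data as SQL.
function save_ticket_hardened(mysqli $db, array $post): bool {
    $intOpts = ['options' => ['min_range' => 1]];
    $origin  = filter_var($post['origin_station'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $dest    = filter_var($post['destination_id'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $pax     = filter_var($post['pax'][1] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $price   = $post['price'][1] ?? '';
    $total   = $post['total_amount'] ?? '';
    // Money fields: digits with an optional two-decimal fraction, nothing else.
    $money = '/^\d{1,8}(\.\d{1,2})?$/';
    if ($origin === false || $dest === false || $pax === false
        || !preg_match($money, $price) || !preg_match($money, $total)) {
        http_response_code(400);
        return false;                    // reject rather than "clean" the input
    }
    $stmt = $db->prepare(
        'INSERT INTO tickets (origin_station, destination_id, pax, price, total_amount)
         VALUES (?, ?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    // i = integer, s = string (DECIMAL columns are bound as strings in mysqli)
    $stmt->bind_param('iiiss', $origin, $dest, $pax, $price, $total);
    return $stmt->execute();
}
```

The format check on `price[1]` is the one that matters for the reported parameter, but every other POST field gets the same validate-then-bind treatment so that no single omission reopens the hole.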