Vulnerability of Garage Management System 1.0
About one week ago, author mayurik released Garage Management System 1.0 on https://sourcecodester.com. The web application has a lot of vulnerabilities, so let’s take a look at some of them.
Vendor Homepage: https://www.sourcecodester.com/users/mayurik
Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
Version: 1.0
Test Environment: Ubuntu 22.04 + Apache2
Sample Vulnerability 1:
Vulnerability: Persistent Cross-site Scripting
Component: Parameter “brand_name” in /brand.php
Cause: There is no user input sanitization on parameter “brand_name”.

Simple PoC:

Screenshot of Exploitation:

Sample Vulnerability 2:
Vulnerability: SQL Injection
Component: Parameter “id” in /print.php
Cause: There is no user input sanitization on parameter “id”.

Simple PoC:
http://hostname:port/garage/print.php?id=1 '[SQL Query]
Screenshot of Exploitation:

Sample Vulnerability 3:
Vulnerability: Persistent Cross-site Scripting
Component: Parameter “name” in /client.php
Cause: There is no user input sanitization on parameter “name”.

Simple PoC:

Screenshot of Exploitation:

Sample Vulnerability 4:
Vulnerability: Bad Access Control
Component: Parameter “brand_name” in /brand.php
Cause: /print.php does not verify authentication and authorization.
Simple PoC:
Access http://hostname:port/print.php?id=2
Screenshot of Exploitation:
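
The causes listed in the four findings above (unsanitized "id", unsanitized "brand_name" and "name", and no authentication check in /print.php), shown in hardened form as an added example that is not code from the application or its author. The `brands` table, its columns, the `user_id` session key and all function names are assumptions, and an in-memory SQLite database stands in for the MySQL backend so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not the application's code; all names are assumptions.

function demo_db(): PDO {  // in-memory SQLite stands in for MySQL
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE brands (id INTEGER PRIMARY KEY, brand_name TEXT)');
    // Constructed row: markup that was stored without sanitization.
    $pdo->prepare('INSERT INTO brands (brand_name) VALUES (?)')
        ->execute(['<script>alert(1)</script>']);
    return $pdo;
}

// Access control: refuse unless a login set the session marker.
function require_login(array $session): void {
    if (empty($session['user_id'])) {
        throw new RuntimeException('401 login required');
    }
}

// SQL injection: accept only a positive integer and bind it as a parameter.
function fetch_brand(PDO $pdo, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('400 invalid id');
    }
    $stmt = $pdo->prepare('SELECT id, brand_name FROM brands WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Stored XSS: encode at output time, whatever was saved in the database.
function render_brand(array $row): string {
    return '<td>' . htmlspecialchars($row['brand_name'], ENT_QUOTES, 'UTF-8') . '</td>';
}

$pdo = demo_db();
// Constructed requests: valid, non-numeric id, and no session.
foreach ([[['user_id' => 7], '1'], [['user_id' => 7], "1 '[SQL Query]"], [[], '1']] as [$session, $id]) {
    try {
        require_login($session);
        $row = fetch_brand($pdo, $id);
        echo $row ? render_brand($row) : '404 not found', PHP_EOL;
    } catch (RuntimeException | InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;
    }
}
```

In the real application the session array would be `$_SESSION` after `session_start()`, and the same three checks apply to every page that reads a request parameter or prints a stored value.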
