Vehicle Parking Management System 1.0 - SQL Injection

What is the "Vehicle Parking Management System 1.0 - SQL Injection?"

The "Vehicle Parking Management System 1.0 - SQL Injection" module is designed to detect a SQL injection vulnerability in the Vehicle Parking Management System 1.0 software. This vulnerability allows an attacker to manipulate the password parameter and potentially gain unauthorized access to sensitive information stored in the database. The severity of this vulnerability is classified as critical, indicating the potential for significant damage if exploited. The module was authored by dwisiswant0.

Impact

If successfully exploited, the SQL injection vulnerability in the Vehicle Parking Management System 1.0 can lead to unauthorized access to sensitive information stored in the system's database. This can include personally identifiable information (PII), financial data, or other confidential data. Additionally, an attacker may be able to modify or delete data, disrupt system functionality, or launch further attacks on the system.

How the module works?

The module works by sending a crafted HTTP POST request to the login.php page of the Vehicle Parking Management System 1.0. The request includes a manipulated value for the password parameter, attempting to exploit the SQL injection vulnerability. The module then checks the response for specific patterns to determine if the vulnerability is present.

Matching conditions:

- The response body must contain the following words: "LAGOS PARKER", "Login Successfully", and "location.href = 'index.php';". - The HTTP response status code must be 200.

If both conditions are met, the module reports the presence of the SQL injection vulnerability.