CVE-2020-29287
📋 TL;DR
This SQL injection vulnerability in Car Rental Management System v1.0 allows attackers to execute arbitrary SQL commands via the id parameter in view_car.php or car_id parameter in booking.php. This affects all deployments of this specific software version, potentially compromising the entire database.
💻 Affected Systems
- Car Rental Management System
📦 What is this software?
Car Rental Management System by Car Rental Management System Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution if database functions allow it.
Likely Case
Database information disclosure, data manipulation, and potential privilege escalation within the application.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection.
🎯 Exploit Status
Exploit code is publicly available and requires minimal technical skill to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch exists. Replace vulnerable code with parameterized queries in view_car.php and booking.php files.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add input validation to ensure id and car_id parameters are numeric and within expected ranges.
Modify PHP code to validate $_GET['id'] and $_GET['car_id'] parameters
Web Application Firewall (WAF)
Deploy WAF rules to block SQL injection patterns targeting id and car_id parameters.
Configure WAF to block SQL injection patterns in URL parameters
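The fix described above (parameterized queries in view_car.php and booking.php) combined with the input-validation workaround, shown for the id parameter as an added example; this is not the project's own code, and the table name cars, its columns, and the database credentials are assumptions.

```php
<?php
// Added example, not the project's code: hardened handling of the `id`
// parameter in view_car.php. Table/column names and credentials are assumed;
// the same pattern applies to `car_id` in booking.php.
declare(strict_types=1);

// Throw on driver errors so failures are logged server-side instead of
// leaking SQL error text to the client.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'car_rental'); // assumed

/**
 * Read a request parameter as a positive integer ID, or return null.
 * Anything that is not a plain integer (quotes, keywords, arrays) is rejected.
 */
function read_id_param(array $source, string $name): ?int
{
    if (!isset($source[$name])) {
        return null;
    }
    $value = filter_var($source[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $value === false ? null : $value;
}

$id = read_id_param($_GET, 'id');
if ($id === null) {
    http_response_code(400);
    exit('Invalid car id'); // generic message, no database detail
}

// Parameterized query: the value is bound as an integer and never
// concatenated into the SQL string, so user input cannot alter the query.
$stmt = $db->prepare('SELECT id, make, model, price_per_day FROM cars WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$car = $stmt->get_result()->fetch_assoc();
$stmt->close();

if ($car === null) {
    http_response_code(404);
    exit('Car not found');
}
echo htmlspecialchars($car['make'] . ' ' . $car['model'], ENT_QUOTES, 'UTF-8');
```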
🧯 If You Can't Patch
- Isolate the system from internet access and restrict to internal network only.
- Implement strict network segmentation and monitor all database access attempts.
🔍 How to Verify
Check if Vulnerable:
Test view_car.php?id=1' OR '1'='1 and booking.php?car_id=1' OR '1'='1 for SQL error responses.
Check Version:
Check PHP files for version comments or compare file hashes with original v1.0 release.
Verify Fix Applied:
Repeat the same SQL injection attempts and verify that they no longer produce database errors and that invalid input is rejected with a generic error message.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in PHP logs
- Multiple failed parameter validation attempts
- Suspicious patterns in access logs (single quotes, SQL keywords)
Network Indicators:
- HTTP requests with SQL injection patterns in id/car_id parameters
- Unusual database query patterns from web server
SIEM Query:
source="web_logs" AND (uri="*view_car.php*" OR uri="*booking.php*") AND (param="*' OR*" OR param="*UNION*" OR param="*SELECT*" OR param="*--*" OR param="*;*" OR param="*/*")
🔗 References
- https://github.com/BigTiger2020/Car-Rental-Management-System/blob/main/README.md
- https://www.exploit-db.com/exploits/49056
- https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html