CVE-2021-46308

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Sourcecodester Online Railway Reservation System 1.0 allows attackers to execute arbitrary SQL commands via the 'sid' parameter. Attackers can potentially access, modify, or delete database contents. Any organization using this specific version of the railway reservation system is affected.

💻 Affected Systems

Products:
  • Sourcecodester Online Railway Reservation System
Versions: 1.0
Operating Systems: Any OS running PHP/MySQL web applications
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific version 1.0 of this railway reservation system. Requires PHP/MySQL environment.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise, including data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠 Likely Case: Unauthorized data access, data manipulation, and potential privilege escalation within the application.

🟢 If Mitigated: Limited impact, with proper input validation, parameterized queries, and database permissions restricting the damage scope.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via sid parameter is straightforward to exploit with common SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Check for updated version from Sourcecodester
2. If no patch, implement parameterized queries
3. Add input validation for sid parameter
4. Apply web application firewall rules

🔧 Temporary Workarounds

Input Validation Filter

Add server-side validation to ensure the sid parameter contains only expected characters.

PHP example:
  if (!isset($_GET['sid']) || !is_numeric($_GET['sid'])) { die('Invalid input'); }

Web Application Firewall Rule

Block SQL injection patterns in the sid parameter.

ModSecurity rule:
  SecRule ARGS:sid "@detectSQLi" "id:1001,phase:2,deny"
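A hardened handler for the sid parameter, added here as an example rather than code taken from the Online Railway Reservation System; it combines strict integer validation with a parameterized query and a low-privilege database account. The table and column names (schedules, sid), the DSN and the account credentials are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Online Railway Reservation System.
// Assumed: a table `schedules` keyed by integer column `sid`, a MySQL DSN,
// and a low-privilege account `app_user` that only needs SELECT access.

function validateSid($raw): ?int
{
    // Only a plain positive integer is a valid schedule id. is_numeric() is
    // looser than needed here: it also accepts "1.5" and "1e3".
    // FILTER_VALIDATE_INT rejects both and returns a real int.
    if (!is_string($raw)) {          // parameter missing, or sent as sid[]=...
        return null;
    }
    $sid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $sid === false ? null : $sid;
}

function fetchSchedule(PDO $pdo, int $sid): ?array
{
    // Parameterized query: the id is bound as an integer and cannot alter the
    // statement's structure, whatever the request contained.
    $stmt = $pdo->prepare('SELECT * FROM schedules WHERE sid = :sid');
    $stmt->bindValue(':sid', $sid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The pattern behind this class of bug, shown for contrast only: interpolating
// the raw parameter lets a value such as 1' OR '1'='1 rewrite the WHERE clause.
//   $conn->query("SELECT * FROM schedules WHERE sid = '" . $_GET['sid'] . "'");

$sid = validateSid($_GET['sid'] ?? null);
if ($sid === null) {
    http_response_code(400);
    exit('Invalid input');
}

$pdo = new PDO('mysql:host=127.0.0.1;dbname=railway;charset=utf8mb4', 'app_user', 'change-me', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // use server-side prepared statements
]);

$schedule = fetchSchedule($pdo, $sid);
if ($schedule === null) {
    http_response_code(404);
    exit('Not found');
}
echo json_encode($schedule);
```

Granting app_user only SELECT on the tables the page needs is what keeps the "If Mitigated" case limited even if another injection point is later found.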

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system
  • Deploy web application firewall with SQL injection detection rules

🔍 How to Verify

Check if Vulnerable:

Test sid parameter with SQL injection payloads like: /page.php?sid=1' OR '1'='1

Check Version:

Check application version in admin panel or source code comments

Verify Fix Applied:

Test with same payloads and verify proper error handling or rejection

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in logs
  • Multiple failed login attempts after SQL injection
  • Unusual database queries

Network Indicators:

  • HTTP requests with SQL keywords in sid parameter
  • Unusual traffic patterns to database

SIEM Query:

source=web_logs AND (uri_query="*sid=*'*" OR uri_query="*sid=*%27*")
