Code-Projects Train Ticket Reservation System Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in Code-Projects Train Ticket Reservation System version 1.0. The issue arises in the Login Form component, where the 'username' input is not properly validated, allowing for excessively long strings to be entered. This lack of input size control leads to a stack overflow, causing the program to crash with a segmentation fault. The vulnerability must be exploited locally.

Impact

Exploitation of this vulnerability causes the program to crash, but it could also be leveraged for arbitrary code execution, especially if the application is running with elevated privileges.

Reproduction

To reproduce this vulnerability, compile the Train Ticket Reservation System with the default name. After compiling, run the program and enter a long string as the username. The input should be long enough to exceed the buffer limit, which will cause the program to crash with a segmentation fault, indicating a stack overflow.