Code-Projects Simple Cafe Ordering System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Code-Projects Simple Cafe Ordering System version 1.0. The issue arises in the login.php file, where user input from the 'username' parameter is directly concatenated into SQL queries without proper validation or escaping. This vulnerability can be exploited remotely, allowing attackers to manipulate SQL commands and potentially bypass authentication or access sensitive data.

Impact

Exploitation of this vulnerability allows for SQL injection, which can be used to bypass authentication, read arbitrary data from the database, and manipulate business logic, such as placing or modifying orders. Depending on the database account's privileges, it may also be possible to modify or delete data.

Reproduction

To reproduce this vulnerability, send a POST request to the login.php endpoint with a crafted 'username' value that includes a SQL injection payload, such as 'admin' OR '1'='1' -- . This payload exploits the way the application builds its SQL query and bypasses authentication. The injection can be confirmed if the application accepts the login and redirects the user or sets a session cookie.

Remediation

It is recommended to replace the deprecated mysql_* functions with modern alternatives like PDO or mysqli, and to use prepared statements with bound parameters to safely handle user input. Additionally, validate and sanitize inputs on the server side, apply the principle of least privilege to database accounts, and implement logging to detect and respond to suspicious query activity.
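
The following is an added example of the recommended fix, not code from the project: a login check that uses a PDO prepared statement with a bound username. The users table, its column names, the password_hash() storage format, and the sample credentials are assumptions, and an in-memory SQLite database stands in for the application's MySQL database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Assumed schema: users(username, password_hash). Not taken from the project.
// SQLite in memory replaces MySQL here; with MySQL only the DSN and
// credentials passed to the PDO constructor would differ.
function connect(): PDO
{
    return new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Constructed sample account used only by this demonstration.
function seed(PDO $pdo): void
{
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => 'admin', ':h' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // The username travels as a bound parameter, never as part of the SQL text,
    // so quotes and comment markers in it are compared as literal characters.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // The password is verified in PHP against the stored hash, not in the query.
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = connect();
seed($pdo);

$cases = [
    ['admin', 'constructed-sample-pw'],      // valid credentials
    ['admin', 'wrong-password'],             // wrong password
    ["admin' OR '1'='1' -- ", 'anything'],   // payload style from the advisory
];
foreach ($cases as [$user, $pass]) {
    printf("%-26s => %s\n", $user, login($pdo, $user, $pass) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; the payload string matches no username because it is never parsed as SQL.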

Added: Nov 15, 2025, 4:17 PM
Updated: Nov 15, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.