SourceCodester Dental Clinic Appointment Reservation System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Dental Clinic Appointment Reservation System version 1.0. The issue arises in the file 'success.php', where user-supplied input in the 'username' and 'password' fields is improperly sanitized before being included in SQL queries. This flaw allows for remote exploitation of the application.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to 'success.php' with crafted 'username' and 'password' parameters that include SQL injection payloads. The application will process these inputs without proper sanitization, allowing the injected SQL code to be executed.