SourceCodester Simple Hotel Booking System Buffer Overflow Vulnerability

A critical buffer overflow vulnerability has been identified in SourceCodester Simple Hotel Booking System version 1.0. The issue arises in the login function, where the uname variable is manipulated, allowing for excessive data to be written and causing a buffer overflow. This vulnerability can be exploited locally.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing a crash by overwriting the return address on the stack.

Reproduction

The vulnerability can be reproduced by compiling the application with Visual Studio 2022, ensuring that stack protection and alarms are disabled. After running the program, set a breakpoint in the debugger on line 29 of the login function. When the breakpoint is hit, input more than 10 bytes into the uname variable. The memory monitoring window will reveal the buffer overflow, showing that the input data has overflowed into adjacent memory.