SourceCodester Bakeshop Online Ordering System SQL Injection Vulnerability in Password Recovery Feature

Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Bakeshop Online Ordering System version 1.0. The issue lies in the password recovery feature, specifically in the file 'passwordrecover.php'. The vulnerability is triggered by manipulating the 'phonenumber' parameter, which lets an attacker inject arbitrary SQL into the application's database query. Exploitation is possible remotely and requires no authentication.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized database access, data manipulation or deletion, and exposure of sensitive information.

Reproduction

To reproduce this vulnerability, send a POST request to 'passwordrecover.php' with the 'phonenumber' parameter. Include a payload that exploits time-based blind SQL injection, such as one that uses the SQL 'SLEEP' function to introduce a delay, indicating successful injection. The request should also include the 'recover-submit' and 'token' parameters.

Remediation

Use prepared statements with bound parameters so that the 'phonenumber' value reaches the database as data rather than being concatenated into the query text. Additionally, validate and filter user input so that it conforms to the expected format (for a phone number, a bounded string of digits). Run the application with a minimally privileged database account and conduct regular security audits.
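The following is an added example of the recommended fix, not code from the Bakeshop project: a password-recovery lookup that validates the phone number and binds it as a PDO parameter. The table name 'users', the column names, the database name and the credentials are assumptions and placeholders.

```php
<?php
// Added example (not the Bakeshop project's own code). Assumptions: a 'users'
// table with 'id', 'email' and 'phonenumber' columns; DSN and credentials are placeholders.

function normalize_phone(string $raw): ?string
{
    // Strip common separators, then accept only an optional '+' and 7..15 digits
    // (E.164 upper bound). Anything else is rejected before it can reach SQL.
    $phone = preg_replace('/[\s\-()]/', '', $raw);
    return preg_match('/^\+?[0-9]{7,15}$/', $phone) === 1 ? $phone : null;
}

function find_account_by_phone(PDO $pdo, string $rawPhone): ?array
{
    $phone = normalize_phone($rawPhone);
    if ($phone === null) {
        return null; // invalid format: no query is issued at all
    }
    // VULNERABLE pattern (the shape of bug described above; do not use):
    //   $sql = "SELECT id, email FROM users WHERE phonenumber = '$rawPhone'";
    // Hardened form: the value travels as a bound parameter, so it is data, never SQL.
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE phonenumber = :phone LIMIT 1');
    $stmt->bindValue(':phone', $phone, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Handler sketch for the POST described in the advisory. The response is the same
// whether or not the number exists, so the form does not become an enumeration oracle.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['recover-submit'])) {
    // Placeholder DSN/credentials; ERRMODE_EXCEPTION surfaces query errors instead of
    // silently continuing, and EMULATE_PREPARES=false forces real server-side prepares.
    $pdo = new PDO('mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4', 'PLACEHOLDER_USER', 'PLACEHOLDER_PASS', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    // The advisory's 'token' parameter would be checked here (e.g. against a
    // session-stored anti-CSRF token); how the project uses it is not known, so it is omitted.
    $account = find_account_by_phone($pdo, (string)($_POST['phonenumber'] ?? ''));
    if ($account !== null) {
        // Issue a one-time, expiring reset token to $account['email'] here.
    }
    echo 'If the phone number is registered, recovery instructions have been sent.';
}
```

The database account used by the application should only have the privileges the recovery flow needs (here, SELECT on the relevant columns), so a future injection elsewhere cannot reach further than the query it rides on.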

Added: Aug 29, 2025, 5:20 PM
Updated: Aug 29, 2025, 5:20 PM

Vulnerability Rating (Custom Algorithm)

  spread          1.0
  impact          7.5
  exploitability  9.7
  remediation     0.0
  relevance       0.4
  threat          6.4
  urgency         2.9
  incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.