SourceCodester Online Hotel Reservation System SQL Injection Vulnerability in edituser.php
Vulnerability
A critical SQL injection vulnerability has been identified in SourceCodester Online Hotel Reservation System version 1.0. The issue resides in the admin/edituser.php file, where the value of the userid parameter is used in a database query without adequate validation, allowing an attacker to inject arbitrary SQL. The vulnerability can be exploited remotely and can lead to unauthorized database access, data manipulation and, depending on the privileges of the database account, further compromise of the application. Because the file sits under admin/, whether the page can be reached without an authenticated admin session is not stated here and should be confirmed when assessing exposure.
Impact
Exploitation of this vulnerability allows boolean-based blind, time-based blind and UNION-based SQL injection, with the injected SQL executed by the backend MySQL database. This can result in unauthorized data access, modification or deletion of records, and extraction of sensitive information such as user credentials from the database.
Reproduction
The vulnerability can be reproduced by sending a request to admin/edituser.php with a SQL payload in the userid parameter, for example a pair of requests whose userid values differ only by a true and a false condition and comparing the responses. sqlmap can be pointed at that parameter (-p userid) to automate detection and exploitation of all three injection techniques listed above.
Remediation
It is recommended to use prepared statements with bound parameters (mysqli or PDO in PHP) instead of building queries from request values, to validate the userid parameter as an integer before it reaches the query, to run the application with a database account limited to the privileges it needs, to conduct regular security audits, and to keep the application and its libraries up to date.
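The probe described under Reproduction and the fix described under Remediation, as an added example that is not part of this advisory and not code from the SourceCodester project. The vulnerable handler is a hypothetical reconstruction of the pattern the advisory describes (the userid value spliced into the query text); an in-memory SQLite database stands in for the application's MySQL backend, and the users table and its rows are constructed here so the script runs offline.

```python
"""Offline model of the admin/edituser.php userid injection (added example).

The vulnerable handler is a hypothetical reconstruction of the pattern described
in the advisory, not the project's code; SQLite stands in for MySQL, and the
table layout and rows are constructed sample data.
"""
import sqlite3


def make_db():
    """Constructed sample data standing in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "s3cret"), (2, "guest", "guest")],
    )
    return conn


def edituser_vulnerable(conn, userid):
    """Hypothetical vulnerable handler: the raw parameter is concatenated into SQL."""
    query = "SELECT userid, username FROM users WHERE userid = " + userid
    return conn.execute(query).fetchall()


def edituser_fixed(conn, userid):
    """Hardened handler: validate the type, then bind the value as a parameter."""
    uid = int(userid)  # raises ValueError for anything that is not an integer id
    query = "SELECT userid, username FROM users WHERE userid = ?"
    return conn.execute(query, (uid,)).fetchall()


def probe(handler, conn, payload):
    """Send one payload and normalise the outcome: sorted rows, or "error".

    Against the real application the comparison would be between HTTP responses;
    here the handler's return value plays that role. Sorting makes UNION results
    comparable regardless of row order.
    """
    try:
        return sorted(handler(conn, payload))
    except (ValueError, sqlite3.Error):
        return "error"


def boolean_blind_check(handler, conn, base="1"):
    """Boolean-based blind test, the way sqlmap starts.

    A true and a false condition appended to the same value must produce different
    responses, and the true one must match the unmodified request. Time-based
    blind checks follow the same logic with MySQL's SLEEP() in place of the
    tautology; SQLite has no equivalent, so that variant is not modelled here.
    """
    baseline = probe(handler, conn, base)
    true_resp = probe(handler, conn, base + " AND 1=1")
    false_resp = probe(handler, conn, base + " AND 1=2")
    return true_resp == baseline and false_resp != baseline


def union_dump_passwords(handler, conn):
    """UNION-based extraction: the injected SELECT must match the original column
    count (two here), so the password column comes back in the username slot."""
    return probe(handler, conn, "0 UNION SELECT userid, password FROM users")


if __name__ == "__main__":
    db = make_db()
    print("vulnerable injectable:", boolean_blind_check(edituser_vulnerable, db))
    print("fixed injectable:     ", boolean_blind_check(edituser_fixed, db))
    print("union dump (vuln):    ", union_dump_passwords(edituser_vulnerable, db))
    print("union dump (fixed):   ", union_dump_passwords(edituser_fixed, db))
```

The hardened handler rejects the probes with a type error before any SQL is built, which is why the blind check reports it as not injectable; in the real application the equivalent is casting userid to an integer and binding it with a prepared statement rather than relying on escaping. A stacked-query variant (a second statement after a semicolon) is not shown because Python's sqlite3 executes only one statement per call, and the advisory does not claim stacked queries are possible here.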
