SourceCodester Online Food Ordering System
cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in SourceCodester Online Food Ordering System version 1.0. The issue resides in the Actions.php file, specifically within the save_user action. The vulnerability arises because the application does not adequately sanitize user input for the username parameter in POST requests. This flaw allows an authenticated attacker to inject SQL into the query the application runs against its SQLite backend database. Attackers could use Boolean-based inference or Time-based blind injection techniques to exfiltrate sensitive data from the database.
Exploitation of this vulnerability allows for arbitrary SQL command injection, with the potential to exfiltrate data from the SQLite database, including admin credentials, user information, and order history. Additionally, there is a possibility of bypassing authentication mechanisms by manipulating SQL query logic.
To reproduce this vulnerability, deploy the Online Food Ordering System locally and log into the application. Then, send a POST request to Actions.php with the username parameter injected with SQL payloads, such as those demonstrating Boolean-based or Time-based blind SQL injection. This can be done using a tool like sqlmap, which automates the process of finding and exploiting SQL injection vulnerabilities.
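The root cause described above is string concatenation of the username into a SQL statement. The following PHP is an added illustration written for this page, not code from the project or from Actions.php: it shows a hypothetical save_user handler in the vulnerable form beside a hardened one that uses a PDO prepared statement against SQLite. The table name `users`, its columns, the function names and the in-memory database are all assumptions; the real schema of the application is not given in the advisory.

```php
<?php
// Added illustration, not the project's code. Assumes PDO with the
// pdo_sqlite extension and a hypothetical table users(id, username, password).

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users ('
        . 'id INTEGER PRIMARY KEY, '
        . 'username TEXT NOT NULL UNIQUE, '
        . 'password TEXT NOT NULL)');
    return $db;
}

// Vulnerable pattern (hypothetical reconstruction of the flaw class):
// the username is spliced into the SQL text, so any quote or SQL syntax
// in the input becomes part of the statement the database executes.
function save_user_vulnerable(PDO $db, string $username, string $password): void {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $sql = "INSERT INTO users (username, password) VALUES ('$username', '$hash')";
    $db->exec($sql);
}

// Hardened pattern: bound parameters. The driver passes the username to
// SQLite as a value, never as SQL text, so its content cannot change the
// query. An allowlist check on the username is kept as a second layer.
function valid_username(string $username): bool {
    return (bool) preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username);
}

function save_user_safe(PDO $db, string $username, string $password): void {
    if (!valid_username($username)) {
        throw new InvalidArgumentException('username contains disallowed characters');
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO users (username, password) VALUES (:username, :password)'
    );
    $stmt->execute([':username' => $username, ':password' => $hash]);
}

// Constructed input: a single apostrophe is enough to show the difference.
$input = "o'neil";

$db = make_db();
try {
    save_user_vulnerable($db, $input, 'secret');
    echo "vulnerable: inserted\n";
} catch (PDOException $e) {
    // The stray quote breaks the statement; this is the same mechanism
    // that lets a crafted username rewrite the query's logic.
    echo "vulnerable: input altered the SQL: " . $e->getMessage() . "\n";
}

$db = make_db();
try {
    save_user_safe($db, $input, 'secret');
} catch (InvalidArgumentException $e) {
    // Rejected by the allowlist before any SQL runs.
    echo "safe: rejected: " . $e->getMessage() . "\n";
}
save_user_safe($db, 'oneil', 'secret');
$row = $db->query('SELECT username FROM users')->fetch(PDO::FETCH_ASSOC);
echo "safe: stored username exactly as bound: " . $row['username'] . "\n";
```

Run with `php example.php`. The prepared statement alone is the fix for the injection; the allowlist is defence in depth and would be relaxed if the application legitimately accepts names with apostrophes, since with bound parameters such a name is stored verbatim rather than interpreted.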