SourceCodester Online Food Ordering System
cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in SourceCodester's Online Food Ordering System version 1.0. The issue resides in the Actions.php file, specifically within the save_customer action. The vulnerability arises because the application does not adequately sanitize user input for the username parameter in POST requests. This oversight enables attackers to inject malicious SQL commands, which can be exploited to manipulate the application's database.
Exploitation of this vulnerability allows attackers to exfiltrate data from the SQLite database, including personally identifiable information (PII) of customers, admin credentials, and order details. Additionally, there is a potential for authentication bypass by manipulating login logic.
To reproduce this vulnerability, deploy the Online Food Ordering System locally and access the Customer Registration or Edit Customer interface in the admin panel. The vulnerability can be exploited by sending a POST request to Actions.php with an injected SQL payload in the username parameter. This can be done manually or by using a tool like sqlmap, which automates the process of finding and exploiting SQL injection vulnerabilities.
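The defect class described above, concatenating the username into the SQL text versus passing it as a bound parameter, as an added example that is not code from the Online Food Ordering System; the table, column names and the `save_customer_*` function names are assumptions, and Python's `sqlite3` is used as a runnable stand-in for the application's PHP data-access code.

```python
import re
import sqlite3

# Constructed stand-in schema; the real project's table layout is not on the page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, name TEXT)")
    return conn

def save_customer_vulnerable(conn, username, name):
    """Weak pattern: the username becomes part of the SQL statement text,
    so anything it contains is interpreted by the SQL parser."""
    sql = ("INSERT INTO customers (username, name) VALUES ('"
           + username + "', '" + name + "')")
    conn.execute(sql)
    conn.commit()

def save_customer_fixed(conn, username, name):
    """Hardened pattern: placeholders keep the statement fixed and the driver
    passes the values separately, so the username is always stored as data."""
    conn.execute("INSERT INTO customers (username, name) VALUES (?, ?)",
                 (username, name))
    conn.commit()

def username_is_valid(username):
    """Defense in depth: an allowlist on the parameter, applied before any query."""
    return re.fullmatch(r"[A-Za-z0-9_]{3,32}", username) is not None

def demo():
    """Returns (did_vulnerable_version_fail, rows_stored_by_fixed_version)."""
    conn = make_db()
    tricky = "o'brien"  # a legitimate value whose quote terminates the string literal
    try:
        save_customer_vulnerable(conn, tricky, "Test")
        vulnerable_failed = False
    except sqlite3.OperationalError:
        vulnerable_failed = True  # syntax error: the input reached the SQL parser
    save_customer_fixed(conn, tricky, "Test")
    return vulnerable_failed, conn.execute("SELECT username FROM customers").fetchall()

if __name__ == "__main__":
    print(demo())
```

A request whose username parameter breaks the concatenated statement surfaces as a database syntax error in the application log, which is a useful detection signal for this class of bug even before a fix is deployed.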