SourceCodester Online Food Ordering System
cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in SourceCodester Online Food Ordering System version 1.0. The issue resides in the Actions.php file, specifically within the save_category action, which is responsible for managing food categories. The vulnerability arises because the application does not adequately sanitize user input for the 'name' parameter in POST requests. This flaw enables authenticated attackers to inject malicious SQL commands. Given that the application uses an SQLite database, this vulnerability can be exploited using Boolean-based blind injection techniques to manipulate database queries and potentially exfiltrate sensitive information.
Exploitation of this vulnerability allows for Boolean-based blind SQL injection, where an attacker can manipulate SQL queries to extract data from the SQLite database. This could include sensitive information such as user credentials and application configuration details.
To reproduce this vulnerability, deploy the Online Food Ordering System locally and log in as an administrator. Then, send a POST request to 'Actions.php' with the 'name' parameter injected with a Boolean-based SQL payload, such as 'Test Category' AND 4458=4458 AND 'uFPE'='uFPE'. This can be done using a tool like SQLMap, which will automate the injection process and exploit the vulnerability.
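The root cause described above is string concatenation of the 'name' parameter into a SQL statement. The following PHP is an added illustration, not code from SourceCodester's Actions.php: it shows the vulnerable pattern next to a hardened save_category handler that binds the value through a PDO prepared statement against SQLite, plus an input-shape check applied before persistence. The table name category_list, the column name and the validation rule are assumptions; the sample input is the Boolean probe quoted in this advisory, constructed here to show that the hardened path stores it as plain text rather than interpreting it.

```php
<?php
// Added example (not the project's code). Requires the pdo_sqlite extension.
// Table and column names are assumptions chosen for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE category_list (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL)');

// Vulnerable pattern: the request value becomes part of the SQL text.
// A single quote inside $name ends the string literal early, so the rest of the
// value is parsed as SQL. That is the condition Boolean-based blind injection
// relies on: the attacker-controlled expression changes the query's outcome.
function save_category_vulnerable(PDO $db, string $name): void
{
    $sql = "INSERT INTO category_list (name) VALUES ('" . $name . "')";
    $db->exec($sql);
}

// Hardened pattern: the SQL text is fixed at prepare time and the value is
// passed as a bound parameter. SQLite receives it as data, so quotes, AND
// clauses or comment markers inside it remain literal characters.
function save_category_safe(PDO $db, string $name): int
{
    $stmt = $db->prepare('INSERT INTO category_list (name) VALUES (:name)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Shape check for a category name (assumed policy: letters, digits, spaces,
// ampersand, hyphen; 1 to 64 characters). This narrows what reaches the
// database but is a complement to parameter binding, not a substitute for it.
function validate_category_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{N} &-]{1,64}$/u', $name) === 1;
}

// Reads a row back by id, also through a bound parameter.
function fetch_category_name(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT name FROM category_list WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['name'];
}

// Constructed sample input: the probe quoted in the advisory, as it would
// arrive in the POST body (the outer quotes belong to the surrounding SQL).
$probe = "Test Category' AND 4458=4458 AND 'uFPE'='uFPE";

// The shape check rejects the probe outright because of the quote and '=' characters.
$accepted = validate_category_name($probe);
echo 'validation accepts probe: ' . ($accepted ? 'yes' : 'no') . PHP_EOL;

// Even when validation is bypassed or relaxed, the bound parameter keeps the
// probe as an ordinary string: what is stored equals what was sent, byte for byte.
$id = save_category_safe($db, $probe);
$stored = fetch_category_name($db, $id);
echo 'stored value identical to input: ' . ($stored === $probe ? 'yes' : 'no') . PHP_EOL;

// A legitimate name passes both the shape check and the prepared statement.
$legit = 'Vegan & Gluten-Free';
echo 'validation accepts legitimate name: ' . (validate_category_name($legit) ? 'yes' : 'no') . PHP_EOL;
$id2 = save_category_safe($db, $legit);
echo 'legitimate name round-trips: ' . (fetch_category_name($db, $id2) === $legit ? 'yes' : 'no') . PHP_EOL;
```

When auditing a fix for this class of issue, check that every statement built from request data in Actions.php uses prepare() with bound values, not escaping or concatenation, since an escape-based fix leaves the query structure dependent on input encoding. Repeated POSTs to Actions.php whose 'name' value contains quote characters or SQL operators are also a simple signal to alert on in web server logs, since a legitimate category name rarely contains them.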