SourceCodester Online Food Ordering System
cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in SourceCodester Online Food Ordering System version 1.0. The issue resides in the category management component, specifically in the admin/manage_category.php file. It is triggered through the 'id' parameter of the HTTP GET request, which allows authenticated attackers to inject arbitrary SQL commands. Because the backend database is SQLite and the injection point supports UNION queries, attackers can extract sensitive data from the database and have it displayed on the web page; blind injection techniques are also possible.
Exploitation of this vulnerability allows for direct database access, enabling attackers to retrieve and display database contents, including sensitive information such as admin credentials. Additionally, the vulnerability could lead to a broader system compromise by allowing enumeration of the database schema and server details.
To reproduce this vulnerability, deploy the Online Food Ordering System locally and log in as an administrator. The 'id' parameter in the 'admin/manage_category.php' file can be exploited using SQL injection techniques, such as UNION-based or Boolean-based blind payloads, to extract database information.
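The root cause described above is a request parameter spliced into SQL text. The following PHP is an added illustration written for this entry; it is not code from SourceCodester Online Food Ordering System, and the table name `categories`, its columns, and the function names are assumptions. It puts the vulnerable pattern beside the hardened one (integer validation plus a PDO prepared statement against SQLite), which is the fix a maintainer would apply to the 'id' handling in a page like manage_category.php.

```php
<?php
// Added, illustrative example; not code from the affected project.
// Assumes a SQLite database with a `categories` table (id INTEGER, name TEXT)
// and a request that carries ?id=... as the advisory describes.
declare(strict_types=1);

// Constructed in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO categories (id, name) VALUES (1, 'Pizza'), (2, 'Drinks')");

// Vulnerable pattern (hypothetical): the raw request value becomes part of the
// SQL text, so the value can change the statement's structure. Shown only for
// contrast with the hardened version below.
function fetchCategoryUnsafe(PDO $pdo, string $id): array
{
    $sql = 'SELECT id, name FROM categories WHERE id = ' . $id;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the type first, then bind the value as a parameter
// so SQLite receives the query text and the data separately.
function fetchCategorySafe(PDO $pdo, string $id): ?array
{
    // FILTER_VALIDATE_INT rejects anything that is not a plain positive integer,
    // so no SQL syntax can survive validation.
    $intId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($intId === false) {
        return null; // reject rather than attempt to "clean" the input
    }
    $stmt = $pdo->prepare('SELECT id, name FROM categories WHERE id = :id');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage: a legitimate id is resolved, anything non-numeric is refused outright.
var_dump(fetchCategorySafe($pdo, '2'));          // ['id' => 2, 'name' => 'Drinks']
var_dump(fetchCategorySafe($pdo, '1 OR 1=1'));   // NULL, input never reaches SQL
```

The validation step matters even with a prepared statement: binding with `PDO::PARAM_INT` already prevents the value from being interpreted as SQL, but rejecting malformed ids up front also gives the application a clean place to log and alert on attempts against this parameter.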