Bookea-tu-Mesa is susceptible to a SQL Injection (SQLi) vulnerability. This flaw allows attackers to inject malicious SQL commands that can manipulate the database, potentially compromising the application's data integrity and security.
Steps to Reproduce:
- Go to http://localhost/Bookea-tu-Mesa/ReservationTable.php.
- In the search field, type the following SQL injection payload: ''"+UNION+SELECT+VERSION(),NULL,NULL,NULL,NULL,NULL,NULL,NULL#'.
- The query will show the database version, demonstrating the SQL injection vulnerability.
Vulnerable Code:
The vulnerability exists in insert_reservation.php at the following lines:
Line 40: $query = "SELECT * FROM reservaciones WHERE RestaurantName LIKE '%$search_query%' OR FullName LIKE '%$search_query%'";
Line 41: $result = $conex->query($query);
Line 87: $result->free();
Suggested Fix:
Use prepared statements with parameterized queries to prevent SQL injection. Here is the revised code:
// insert_reservation.php
// Placeholders (?) replace the interpolated $search_query, so the input is sent
// as data and can never change the structure of the query.
$query = "SELECT * FROM reservaciones WHERE RestaurantName LIKE ? OR FullName LIKE ?";
$stmt = $conex->prepare($query);
// The wildcards are added to the bound value, not to the SQL text.
$search_with_wildcards = '%' . $search_query . '%';
$stmt->bind_param('ss', $search_with_wildcards, $search_with_wildcards);
$stmt->execute();
$result = $stmt->get_result();   // buffered mysqli_result; the later $result->free() still works
$stmt->close();
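As an added example that is not the project's own code, the same search as a complete handler: it keeps the fix above (bound parameters) and additionally escapes LIKE metacharacters, so a user-supplied % or _ is matched as literal text rather than widening the query. The database credentials and the "search" GET parameter name are assumptions; the table and column names come from the advisory.

```php
<?php
// Added example, not code from Bookea-tu-Mesa: a complete search handler for the
// reservaciones table. Credentials and the "search" parameter name are assumed.

// Make mysqli throw on errors instead of returning false from prepare()/execute().
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Bound parameters stop SQL injection, but a user-supplied % or _ still acts as
// a LIKE wildcard. Escape them (MySQL's default LIKE escape character is \) so
// the input is matched as literal text.
function likeLiteral(string $value): string
{
    return '%' . addcslashes($value, '\\%_') . '%';
}

function searchReservations(mysqli $conex, string $search_query): array
{
    // ? placeholders instead of "'%$search_query%'": the value is sent as data,
    // so the UNION SELECT payload from the advisory can no longer alter the query.
    $query = "SELECT * FROM reservaciones WHERE RestaurantName LIKE ? OR FullName LIKE ?";
    $stmt = $conex->prepare($query);

    $pattern = likeLiteral($search_query);
    $stmt->bind_param('ss', $pattern, $pattern);
    $stmt->execute();

    $result = $stmt->get_result();          // requires the mysqlnd driver
    $rows = $result->fetch_all(MYSQLI_ASSOC);
    $result->free();
    $stmt->close();
    return $rows;
}

// Constructed usage with placeholder credentials. The payload from the advisory
// now returns no rows (it matches no restaurant or guest name) instead of VERSION().
$conex = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
$conex->set_charset('utf8mb4');

foreach (searchReservations($conex, $_GET['search'] ?? '') as $row) {
    // Encode on output so stored names cannot inject HTML into the results table.
    echo htmlspecialchars($row['RestaurantName'], ENT_QUOTES, 'UTF-8'), ' / ',
         htmlspecialchars($row['FullName'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```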
Authors:
Patrick Dean Ramos
Nathu Nandwani
Junnair Manla
Kevin Rosales
Steve Nyan
Shanavas Shakeer
Lani Lambert