
No Rate Limiting on "add_customer" functionality [Vulnerability] #17

Closed
mufeedvh opened this issue Mar 28, 2019 · 0 comments

Hello @chetans9,

DESCRIPTION: I found a vulnerability in this project where I am able to brute force the add_customer function X number of times which may result in website breakage.

VULNERABILITY: No Rate Limiting

AFFECTED FUNCTIONALITY: Adding Customer (data) Functionality

PROOF OF CONCEPT:
Just visit: "http://freecs9.epizy.com/core-php-admin/customers.php" and you can literally see that I created a sample 500 customers. :)

IMPACT:
If the server or web host has a maximum limit on the number of queries that can be stored, this attack can exceed it and exploit the server/host by brute forcing the function request "limit+X" number of times. If it's a web host, the hosted project will be deleted/banned by the provider, leading to data loss for this admin panel's users. If it's a server, the server might go down because its storage fills up.

HOW TO FIX:
Add rate-limiting functionality to this function and to other related functionalities as well.

FOR REFERENCE:
https://helloacm.com/easy-rate-limit-in-php-using-simple-strategy-an-api-example/
https://stackoverflow.com/questions/4257678/php-rate-limiting-client
http://timoh6.github.io/2015/05/07/Rate-limiting-web-application-login-attempts.html
https://security.stackexchange.com/questions/116113/rate-limit-login-attempts-count-by-ip-or-username
https://code.tutsplus.com/tutorials/how-to-build-rate-limiting-into-your-web-app-login--cms-22133

SOME LIBRARIES FOR EASIER FIX & SECURITY:
https://github.com/sunspikes/php-ratelimiter
https://github.com/davedevelopment/stiphle
https://github.com/touhonoob/RateLimit

#SecuringOpenSource - @mufeedvh

Best Regards,
Mufeed VH (@mufeedvh)
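One way to add the limit the report asks for, as an added example that is neither the issue author's nor the project's code; the class and function names are assumptions, and the in-memory store stands in for a shared cache:

```php
<?php
// Added example (not the project's code): per-client sliding-window limit for
// the add_customer action. The in-memory store lets this run offline; in the
// real panel back it with APCu, Redis or a DB table so all PHP workers share it.
final class SlidingWindowLimiter
{
    private array $store = [];   // key => timestamps of recent requests
    public function __construct(
        private int $maxRequests,   // requests allowed per window
        private int $windowSeconds  // window length in seconds
    ) {}
    // True if the request may proceed, false if it must be rejected.
    public function allow(string $key, int $now): bool
    {
        $cutoff = $now - $this->windowSeconds;
        // Keep only timestamps still inside the window, then check the budget.
        $recent = array_values(array_filter(
            $this->store[$key] ?? [],
            fn(int $t): bool => $t > $cutoff
        ));
        if (count($recent) >= $this->maxRequests) {
            $this->store[$key] = $recent;
            return false;            // over budget: caller must skip the insert
        }
        $recent[] = $now;
        $this->store[$key] = $recent;
        return true;
    }
}

// Call first in the add_customer handler (hypothetical name); a rejected
// request gets 429 and the handler must return without inserting the row.
function guardAddCustomer(SlidingWindowLimiter $limiter, string $clientKey): bool
{
    if ($limiter->allow($clientKey, time())) {
        return true;
    }
    http_response_code(429);   // Too Many Requests
    header('Retry-After: 60');
    return false;
}

// Replay the burst from the report with a constructed client key: 500 inserts
// in one second, then one more after the window has rolled over.
$limiter = new SlidingWindowLimiter(10, 60);
$key = 'ip:203.0.113.5|session:constructed';
$accepted = 0;
for ($i = 0; $i < 500; $i++) {
    $accepted += $limiter->allow($key, 1000) ? 1 : 0;
}
echo "accepted $accepted of 500 in the burst\n";
echo 'allowed after window rolled over: ', var_export($limiter->allow($key, 1061), true), "\n";
```

Key the limiter on more than the client IP (for example IP plus admin session) so a single NAT'd office is not locked out while a single session still cannot flood the table.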
