Code-Projects Online Food Ordering System SQL Injection Vulnerability in Shopping Cart Module

A critical SQL injection vulnerability has been identified in the Online Food Ordering System version 1.0 by Code-Projects. The issue resides in the Shopping Cart Module, specifically within the file form/cart.php. The vulnerability is triggered by manipulating the del parameter, which is passed directly to a SQL query without proper sanitization or parameterization. This flaw allows for time-based blind SQL injection, where an attacker can execute arbitrary SQL commands and observe the application's response time as a confirmation of the injection's success. The vulnerability can be exploited remotely, without any authentication or user interaction.

Impact

Exploitation of this vulnerability allows attackers to perform time-based blind SQL injection, confirmed by the ability to execute SQL commands that cause delays in the application's response. This could be used to extract, modify, or delete database records.

Reproduction

To reproduce this vulnerability, send a POST request to the form/cart.php file with the del parameter. Include a crafted payload that closes the original SQL query string and injects a subquery that uses the SLEEP function to create a delay. A 10-second delay in the response will confirm the successful exploitation of the SQL injection vulnerability.