SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the delete_menu function within the file admin/ajax.php, specifically when the action parameter is set to delete_menu. The vulnerability allows remote attackers to manipulate the id argument, leading to unauthorized database access and manipulation. This error-based SQL injection can be exploited to extract sensitive information from the database (database names, table structures, user credentials) or to delete and modify records.

Impact

Exploitation of this vulnerability allows for error-based SQL injection, where attackers can extract data from the database through crafted SQL commands that exploit the application's error handling. This could lead to unauthorized access to sensitive information, manipulation or deletion of database records, and potential privilege escalation by hijacking session data.

Reproduction

To reproduce this vulnerability, send a POST request to /pizzafy/admin/ajax.php?action=delete_menu with an injected SQL payload in the id parameter. Because the value reaches the query unparameterized and database errors are surfaced in the response, error-based SQL injection techniques can be used to extract database information.

Remediation

It is recommended to use prepared statements and parameterized queries to prevent SQL injection vulnerabilities. Input validation and sanitization of the id parameter should be implemented to ensure only expected values are processed. Additionally, database user privileges should be restricted to limit the potential impact of any successful SQL injection attacks.
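The following is an added illustration of the remediation above, not code from the Pizzafy project: a constructed delete_menu handler in the vulnerable shape the advisory describes (string-concatenated id, raw database error echoed to the client) next to a version that validates the id, binds it with a mysqli prepared statement and logs errors server-side only. The table and column names (menu, id) and the $conn connection are assumptions.

```php
<?php
// Added example, not the project's own code. Assumes $conn is an open mysqli
// connection and that the menu table has an integer primary key named id.

// BEFORE: the pattern behind the advisory. The id value is concatenated straight
// into the SQL string, so it can change the query's structure, and the raw
// database error is returned to the client, which is what error-based
// extraction relies on.
function delete_menu_vulnerable(mysqli $conn): string
{
    $id = $_POST['id'] ?? '';
    $ok = $conn->query("DELETE FROM menu WHERE id = " . $id);
    if ($ok === false) {
        return 'Error: ' . $conn->error;   // leaks the DB error text to the response
    }
    return '1';
}

// AFTER: accept only a positive integer, pass it as a bound parameter so it can
// never alter the query, and keep error details out of the HTTP response.
function delete_menu_safe(mysqli $conn): string
{
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        http_response_code(400);
        return 'Invalid id';
    }
    $stmt = $conn->prepare('DELETE FROM menu WHERE id = ?');
    if ($stmt === false) {
        error_log('delete_menu prepare failed: ' . $conn->error); // server-side only
        http_response_code(500);
        return 'Request failed';
    }
    $stmt->bind_param('i', $id);          // 'i' binds the value as an integer
    if (!$stmt->execute()) {
        error_log('delete_menu execute failed: ' . $stmt->error);
        $stmt->close();
        http_response_code(500);
        return 'Request failed';
    }
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected > 0 ? '1' : '0';
}
```

Pairing the parameterized query with a database account that holds only the privileges the admin panel needs (no access to unrelated tables or to schema metadata) limits what a future injection elsewhere in the application could reach.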

Added: Apr 28, 2026, 6:21 AM
Updated: Apr 28, 2026, 6:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 6.9
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.