SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability
Vulnerability
A critical SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue resides in the login function of the file /admin/ajax.php?action=login, where the e-mail parameter is not properly sanitized before it is used in a database query. This flaw allows remote attackers to inject SQL into that query and, using error-based SQL injection techniques, to manipulate the statements the application executes. The vulnerability is unpatched and a public exploit is available.
Impact
Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to database information, manipulation or deletion of database records, and in some cases, privilege escalation by hijacking user sessions.
Reproduction
To reproduce this vulnerability, send a POST request to /pizzafy/admin/ajax.php?action=login with an injected SQL payload in the username parameter. The injection targets the SQL query built by the login function and relies on the application's error reporting, which returns database error details to the client, to extract database information.
Remediation
It is recommended to update the login function to use prepared statements for database queries, ensuring proper parameter binding to prevent SQL injection. Additionally, input validation should be implemented to sanitize user inputs before processing them in SQL commands.
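The following PHP snippet, added here as an illustration and not taken from the Pizzafy code base, contrasts the query-building pattern the advisory describes with a prepared-statement version. Table and column names (users, email, password), the mysqli connection details and the use of password_verify are assumptions.

```php
<?php
// Added illustration, not the project's own code. Schema, connection
// parameters and password hashing scheme are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions
$db = new mysqli('localhost', 'app_user', 'app_password', 'pizzafy_db');

// VULNERABLE pattern (the defect described in the advisory): the e-mail value
// is concatenated into the SQL text, so quotes and operators inside it change
// the statement, and database errors leak straight back to the client.
function login_unsafe(mysqli $db, string $email, string $password): ?array
{
    $sql  = "SELECT id, name, password FROM users WHERE email = '" . $email . "'";
    $user = $db->query($sql)->fetch_assoc();          // untrusted input drives the query
    if ($user === null || !password_verify($password, $user['password'])) {
        return null;
    }
    unset($user['password']);
    return $user;
}

// HARDENED version: the e-mail is validated first, then passed to MySQL as a
// bound parameter. Query text and data travel separately, so the value can
// never be parsed as SQL, whatever characters it contains.
function login_safe(mysqli $db, string $email, string $password): ?array
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;                                    // reject before touching the DB
    }
    try {
        $stmt = $db->prepare('SELECT id, name, password FROM users WHERE email = ? LIMIT 1');
        $stmt->bind_param('s', $email);                 // 's' = bind as string
        $stmt->execute();
        $user = $stmt->get_result()->fetch_assoc();
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        error_log('login query failed: ' . $e->getMessage()); // log server-side only
        return null;                                    // generic failure to the client
    }
    if ($user === null || !password_verify($password, $user['password'])) {
        return null;
    }
    unset($user['password']);
    return $user;
}
```

Because the reported technique is error-based, the catch block matters as much as the binding: database error text should reach the server log, never the HTTP response.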