SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the 'get_cart_items' function within '/admin/ajax.php?action=get_cart_items'. The vulnerability allows remote attackers to manipulate the 'id' parameter, leading to unauthorized database access. This error-based SQL injection can be exploited to extract sensitive information, such as database names and user credentials, and potentially modify or delete records.
Impact
Exploitation of this vulnerability allows attackers to perform error-based SQL injection, with impacts including unauthorized data access, manipulation or deletion of database records, and potential privilege escalation by hijacking session data.
Reproduction
To reproduce this vulnerability, send a GET request to '/pizzafy/admin/ajax.php?action=get_cart_items' with a crafted 'id' parameter containing SQL injection payloads. The application does not sanitize or parameterize the 'id' parameter, so injected SQL is passed to the database and executed. The request can be sent with a tool such as Burp Suite or manually from a web browser, using UNION-based ('UNION SELECT') or error-based payloads that exploit the application's SQL query handling.
Remediation
The vulnerability can be remediated by using prepared statements to handle SQL queries, which prevents injection attacks by separating SQL logic from data. Input validation should also be implemented to ensure that only expected values are accepted. Additionally, database user permissions should be restricted to limit the potential impact of any successful injection attacks.
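The following is an added illustration, not code from Pizzafy: a minimal reconstruction of a cart-items handler showing the concatenation pattern that causes this class of bug beside a hardened version using PDO prepared statements, integer validation, and server-side-only error logging. The table and column names, the $pdo connection details, and the database account are assumptions.

```php
<?php
// Added example, not code from the Pizzafy project. Table/column names
// (cart_items, cart_id) and the connection details are assumptions.

// VULNERABLE pattern: the request value is concatenated into the query
// text, so whatever is sent as 'id' becomes part of the SQL statement.
// With database errors echoed to the client, error text leaks data.
function get_cart_items_vulnerable(PDO $pdo, array $request): array
{
    $sql = "SELECT * FROM cart_items WHERE cart_id = " . $request['id'];
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED pattern: validate the type first, then bind the value as data
// so the query text never depends on request content.
function get_cart_items_safe(PDO $pdo, array $request): array
{
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        return [];
    }
    $stmt = $pdo->prepare('SELECT * FROM cart_items WHERE cart_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connection hardening: real server-side prepares (no emulation), and
// exceptions so failures are handled rather than silently ignored. The
// account should be a low-privilege one limited to the tables it needs.
// DSN and credentials below are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=PLACEHOLDER_DB', 'PLACEHOLDER_USER',
    'PLACEHOLDER_PASSWORD', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

if (($_GET['action'] ?? '') === 'get_cart_items') {
    try {
        header('Content-Type: application/json');
        echo json_encode(get_cart_items_safe($pdo, $_GET));
    } catch (PDOException $e) {
        error_log($e->getMessage()); // log server-side, never to the client
        http_response_code(500);
        echo json_encode(['error' => 'internal error']);
    }
}
```

Note that binding alone is not enough if the database error message is still returned to the client; the catch block above returns a generic message so an error-based technique has nothing to read.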
