SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the 'save_order' function within '/admin/ajax.php?action=save_order'. The vulnerability allows for error-based SQL injection, where the 'id' parameter is not properly sanitized, enabling remote attackers to inject malicious SQL commands that could be executed on the backend database.

Impact

Exploitation of this vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized data access, data modification or deletion, and privilege escalation by hijacking sessions to gain administrative access.

Reproduction

To reproduce this vulnerability, send a POST request to '/pizzafy/admin/ajax.php?action=save_order' with an injected payload in the 'id' parameter. The payload should exploit the SQL injection by, for example, using 'OR extractvalue(1,concat(0x7e,database())) --' to extract database information.

Remediation

It is recommended to use prepared statements and parameterized queries to prevent SQL injection. Validate and sanitize the 'id' parameter to ensure only expected values are accepted. Additionally, restrict database user privileges to limit potential damage from SQL injection attacks.