SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the file '/view_prod.php', where the 'id' parameter is not properly sanitized, allowing remote attackers to inject malicious SQL commands. This vulnerability is classified as error-based SQL injection, where attackers can exploit database errors to extract sensitive information such as database names, table structures, and user credentials. The vulnerability also allows for unauthorized manipulation of database records and potential privilege escalation.
Impact
Exploitation of this vulnerability could lead to unauthorized access to database information, including sensitive user data and application records. Attackers could also manipulate or delete database information, causing disruption to the application's functionality. Additionally, there is a risk of privilege escalation by hijacking session data to gain administrative access.
Reproduction
To reproduce this vulnerability, send a GET request to '/pizzafy/view_prod.php' with an injected 'id' parameter that includes SQL payloads designed to exploit error-based SQL injection. The injection can be verified by observing the application's response for database error messages that reveal sensitive information.
Remediation
The vulnerability can be remediated by implementing input validation and using prepared statements to handle SQL queries securely. Additionally, database user privileges should be restricted to minimize the impact of any potential SQL injection attacks.
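The remediation described above, sketched as an added example; it is not code from the Pizzafy source. The table and column names (`products`, `id`, `name`, `price`), the database name, the read-only account `pizzafy_ro`, and the `PIZZAFY_DB_PASS` environment variable are assumptions, and `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example: hardened product lookup for a page like view_prod.php.
// Assumed, not taken from the project: table `products` and its columns,
// the database name, the account name and the environment variable.

// Error-based injection depends on database errors reaching the response:
// log them server-side and never display them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function fetch_product(mysqli $db, $rawId): ?array
{
    // Input validation: accept only a positive integer id
    // (missing values, arrays and non-numeric strings are rejected).
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Prepared statement: the id is bound as data and is never
    // concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name, price FROM products WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

try {
    // Least privilege: connect as an account that only has SELECT
    // on the tables this page reads.
    $db = new mysqli('localhost', 'pizzafy_ro', getenv('PIZZAFY_DB_PASS') ?: '', 'pizzafy');
    $product = fetch_product($db, $_GET['id'] ?? null);
    if ($product === null) {
        http_response_code(404);
        exit('Product not found');
    }
    echo htmlspecialchars($product['name'], ENT_QUOTES, 'UTF-8');
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // detail goes to the server log only
    http_response_code(500);
    exit('Internal error');
}
```

Returning a generic 404 or 500 while logging the exception keeps database error text out of the response, which is the channel an error-based injection reads from.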
