SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the 'save_category' function, reached through '/admin/ajax.php?action=save_category'. Remote attackers can manipulate the 'name' parameter, leading to error-based SQL injection. Exploitation can be used to extract sensitive database information, such as database names, table structures, and user credentials, and could potentially allow unauthorized data manipulation or deletion.
Impact
Exploitation of this vulnerability could result in unauthorized access to database information, including user credentials, and allow for manipulation or deletion of database records. Additionally, this vulnerability could be exploited to escalate privileges by hijacking session data.
Reproduction
To reproduce this vulnerability, send a POST request to '/pizzafy/admin/ajax.php?action=save_category' with an injected payload in the 'name' parameter. The injected SQL abuses the application's query handling, for example by using 'extractvalue' to retrieve database information through error messages.
Remediation
It is recommended to update the 'save_category' function to use prepared statements for database queries, so that the 'name' value is bound as data instead of being concatenated into the SQL text, and to ensure that user input is properly sanitized and validated before the query is executed. Additionally, review and restrict database user permissions to minimize the impact of potential SQL injection attacks.
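The remediation above, as an added PHP example that is not Pizzafy's own code: a save handler that validates the input, binds it through a prepared statement, and keeps database error text away from the client, which is what error-based injection depends on. The table and column names (`categories`, `name`), the optional `id` parameter, the 100-byte limit and the in-memory SQLite database used to make it run offline are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened handler for action=save_category; not Pizzafy's own code.
// Assumed names: table `categories`, column `name`, optional POST field `id`.
function save_category(PDO $db, array $post): array
{
    $name = trim((string)($post['name'] ?? ''));
    $id   = (string)($post['id'] ?? '');

    // Validate before touching the database (the 100-byte limit is an assumption).
    if ($name === '' || strlen($name) > 100) {
        return ['ok' => false, 'error' => 'invalid name'];
    }
    if ($id !== '' && !ctype_digit($id)) {
        return ['ok' => false, 'error' => 'invalid id'];
    }

    try {
        if ($id === '') {
            // The placeholder keeps the value out of the SQL text entirely.
            $stmt = $db->prepare('INSERT INTO categories (name) VALUES (:name)');
            $stmt->execute([':name' => $name]);
        } else {
            $stmt = $db->prepare('UPDATE categories SET name = :name WHERE id = :id');
            $stmt->execute([':name' => $name, ':id' => (int)$id]);
        }
        return ['ok' => true];
    } catch (PDOException $e) {
        // Log the detail server-side; the client only sees a generic message.
        error_log('save_category failed: ' . $e->getMessage());
        return ['ok' => false, 'error' => 'could not save category'];
    }
}

// Constructed demo database. With a MySQL DSN, also set
// PDO::ATTR_EMULATE_PREPARES to false to get server-side prepares.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed input with SQL metacharacters: it is stored as a literal string.
$result = save_category($db, ['name' => "Chef's \"Special\") --"]);
$stored = $db->query('SELECT name FROM categories')->fetchAll(PDO::FETCH_COLUMN);
var_dump($result, $stored);
```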
