SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability in Add to Cart Function
Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in '/admin/ajax.php?action=add_to_cart', where the 'pid' parameter is not properly sanitized, allowing malicious SQL to be injected into the query. The vulnerability can be exploited remotely, potentially leading to unauthorized data access, data manipulation, or disclosure of sensitive information through database error messages.
Impact
Exploitation of this vulnerability allows for error-based SQL injection, where an attacker can inject SQL commands that cause the database to return error messages. These messages can reveal sensitive information, such as database structure and contents. Additionally, this vulnerability could be exploited to modify or delete database records, and potentially escalate privileges by manipulating session-related data.
Reproduction
To reproduce this vulnerability, send a POST request to '/pizza/admin/ajax.php?action=add_to_cart' with the 'pid' parameter containing a crafted SQL payload and the 'qty' parameter set to a desired quantity. The payload is designed to extract information from the database, such as table names or sensitive data, through the application's SQL query handling.
Remediation
Users are advised to update to the patched version of SourceCodester Pizzafy Ecommerce System, which includes proper input validation and parameterized queries to prevent SQL injection attacks.
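The two controls named above, input validation and parameterized queries, shown together in PHP as an added example; this is not code from Pizzafy or from this advisory. The function names, the 'product_list' and 'cart' tables and their columns, and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);
// Added example (not Pizzafy's code): hardened add-to-cart handler.
// Table and column names (product_list, cart) are assumptions for illustration.

/** Return $raw as an int within [$min, $max], or null if it is not a plain integer. */
function strict_int($raw, int $min, int $max): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

function add_to_cart(PDO $db, array $post, string $clientId): array
{
    $pid = strict_int($post['pid'] ?? null, 1, PHP_INT_MAX);
    $qty = strict_int($post['qty'] ?? null, 1, 99);
    if ($pid === null || $qty === null) {
        return ['status' => 400, 'error' => 'invalid pid or qty'];
    }
    try {
        // Values are bound as parameters, never concatenated into the SQL text.
        $find = $db->prepare('SELECT id FROM product_list WHERE id = :pid');
        $find->execute([':pid' => $pid]);
        if ($find->fetchColumn() === false) {
            return ['status' => 404, 'error' => 'unknown product'];
        }
        $ins = $db->prepare(
            'INSERT INTO cart (client_id, product_id, qty) VALUES (:cid, :pid, :qty)');
        $ins->execute([':cid' => $clientId, ':pid' => $pid, ':qty' => $qty]);
        return ['status' => 200];
    } catch (PDOException $e) {
        error_log('add_to_cart failed: ' . $e->getMessage()); // detail stays server-side
        return ['status' => 500, 'error' => 'internal error']; // no DB error text to client
    }
}

// Constructed demo on an in-memory SQLite database so the file runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product_list (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE cart (client_id TEXT, product_id INTEGER, qty INTEGER)');
$db->exec("INSERT INTO product_list (id, name) VALUES (1, 'Margherita')");

$samples = [                          // constructed inputs
    ['pid' => '1',   'qty' => '2'],   // valid
    ['pid' => "1'",  'qty' => '1'],   // non-integer pid is rejected before any query
    ['pid' => '999', 'qty' => '1'],   // well-formed but unknown product
];
foreach ($samples as $post) {
    echo json_encode($post), ' => ', json_encode(add_to_cart($db, $post, 'demo-client')), PHP_EOL;
}
```

The generic 500 response matters here because the advisory describes error-based injection: database error text should go to the server log, not to the client. Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so parameters are bound by the server.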
