Software: Online Pizza Ordering System 1.0
Software Link: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
Vulnerability Type: SQL Injection
Affected Component: QTY Parameter
Impact Denial of Service: True
Impact Code execution : True
Attack Type: Remote
Vendor of Product: Sourcecodester
SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. The vulnerability exists in Sourcecodester Online Pizza Ordering System 1.0 in QTY parameter found during updating the cart in AJAX.php endpoint.
The Affected URL where the vulnerable parameter can be found : http://HOST/php-opos/admin/ajax.php?action=update_cart_qty
Impact: SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information
The QTY parameter is vulnerable to SQL injection, which allows an attacker to modify the behavior of the application and access data they should not be able to. By submitting a specially crafted payload containing SQL statements, we were able to generate an SQL error message. This indicates that the application is vulnerable to SQL injection attacks.
Reproduction/ exploit Steps: To reproduce this vulnerability:
-
Navigate to the Online Pizza Ordering System application.
-
Add a few items to the cart.
-
Update the cart by updating the QTY of of item.
- Intercept the HTTP request send it to the repeater and then add single Quote (`) to get the sql error in response from server
-
An SQL error message is displayed, indicating that the application is vulnerable to SQL injection.
-
Insert the mentioned payload in QTY parameter on the above request to confirm that the application is vulnerable to SQL injection.
Payload : (CASE WHEN (9603=9603) THEN SLEEP(11) ELSE 9603 END)
