| Title | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection (Error-Based) |
|---|---|
| Description | Pizzafy Ecommerce System 1.0 contains an authenticated error-based SQL Injection vulnerability in the user management functionality, specifically in the username parameter processed by the endpoint /pizzafy/admin/ajax.php?action=save_user. The vulnerability is caused by improper sanitization of user-supplied input before it is embedded into SQL SELECT, INSERT, and UPDATE statements.<br>During the user creation and update process, the application dynamically constructs SQL queries using unsanitized POST parameters. Additionally, database error messages are directly returned to the client when query execution fails, enabling attackers to leverage error-based SQL injection techniques.<br>An authenticated attacker can inject crafted SQL payloads to trigger database errors and extract sensitive information such as database version, schema structure, and potentially user credentials. The vulnerability may also allow unauthorized modification of application data and privilege escalation depending on the database context.<br>The root cause is the use of unsafe dynamic SQL construction without prepared statements or proper input validation. This vulnerability is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command. |
| Source | ⚠️ https://github.com/r3ng4f/Pizzafy_1/blob/main/03-exploit.md |
| User | r3ng4f (UID 73285) |
| Submission | 13/04/2026 05:08 PM (2 months ago) |
| Moderation | 29/04/2026 03:17 PM (16 days later) |
| Status | Accepted |
| VulDB Entry | 360143 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_user SQL Injection] |
| Points | 20 |