| 제목 | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection (Error-Based) |
|---|
| 설명 | Pizzafy Ecommerce System 1.0 contains an authenticated error-based SQL Injection vulnerability in the user management functionality, specifically in the username parameter processed by the endpoint /pizzafy/admin/ajax.php?action=save_user. The vulnerability is caused by improper sanitization of user-supplied input before it is embedded into SQL SELECT, INSERT, and UPDATE statements.
During the user creation and update process, the application dynamically constructs SQL queries using unsanitized POST parameters. Additionally, database error messages are directly returned to the client when query execution fails, enabling attackers to leverage error-based SQL injection techniques.
An authenticated attacker can inject crafted SQL payloads to trigger database errors and extract sensitive information such as database version, schema structure, and potentially user credentials. The vulnerability may also allow unauthorized modification of application data and privilege escalation depending on the database context.
The root cause is the use of unsafe dynamic SQL construction without prepared statements or proper input validation. This vulnerability is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command. |
|---|
| 원천 | ⚠️ https://github.com/r3ng4f/Pizzafy_1/blob/main/03-exploit.md |
|---|
| 사용자 | r3ng4f (UID 73285) |
|---|
| 제출 | 2026. 04. 13. PM 05:08 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 04. 29. PM 03:17 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 360143 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_user SQL 주입] |
|---|
| 포인트들 | 20 |
|---|