Submission #803625: SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection (Error-Based) Info

Title: SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection (Error-Based)
Description: Pizzafy Ecommerce System 1.0 contains an authenticated error-based SQL Injection vulnerability in the add_to_cart functionality, specifically in the pid parameter processed by the endpoint /pizza/admin/ajax.php?action=add_to_cart. The vulnerability is caused by improper sanitization of user-supplied input before it is embedded into backend SQL statements. The affected function directly incorporates the pid parameter into SQL SELECT, UPDATE, and INSERT queries without using prepared statements or adequate input validation. When malformed SQL input is supplied, database error messages may be returned to the client, allowing attackers to leverage error-based SQL injection techniques to disclose sensitive backend information. A successful attacker can trigger database errors to enumerate schema details such as table names, database contents, and potentially extract sensitive records. Depending on the database context, the vulnerability may also allow unauthorized manipulation of cart-related records and abuse of application logic. The issue originates in the add_to_cart() method, where the pid parameter is used directly in dynamically constructed SQL statements. This vulnerability is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command.
Source: https://github.com/r3ng4f/Pizzafy_1/blob/main/04-exploit.md
User: r3ng4f (UID 73285)
Submitted: 2026-04-13 17:10 (2 months ago)
Moderation: 2026-04-29 15:17 (16 days later)
Status: Accepted
VulDB Entry: 360144 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=add_to_cart pid SQL Injection]
Points: 20
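The following PHP is an added illustration and is not code from the Pizzafy project or from the submitter's write-up. It shows a hypothetical add_to_cart handler in the CWE-89 shape the description characterises (the raw pid value concatenated into SELECT and INSERT text), beside a hardened equivalent that validates pid as a positive integer, binds it as a prepared-statement parameter, and keeps database error text off the client response. The $pdo handle, the table and column names (products, cart, id, price, user_id, product_id, qty) and the function names are assumptions.

```php
<?php
// Added example, not the Pizzafy project's own code. Table/column names,
// the $pdo handle and the function names are assumptions.
declare(strict_types=1);

// --- Vulnerable pattern as described in the submission: the untrusted
// pid value is spliced into the SQL text, so the DBMS parses whatever the
// client sent as part of the statement. If the resulting PDOException is
// uncaught and display_errors is on, the driver's error message is sent
// to the client, which is the error-based disclosure surface.
function add_to_cart_vulnerable(PDO $pdo, array $post, int $userId): string
{
    $pid = $post['pid'];                                        // unvalidated input
    $sql = "SELECT id, price FROM products WHERE id = " . $pid; // string concatenation
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return 'product not found';
    }
    $pdo->exec("INSERT INTO cart (user_id, product_id, qty) VALUES ($userId, $pid, 1)");
    return 'added';
}

// --- Hardened version: (1) validate pid as a positive integer before it
// goes anywhere near SQL, (2) bind it as a parameter so the DBMS can only
// ever treat it as a value, (3) catch driver errors and return a generic
// message so database error text never reaches the client.
function add_to_cart_safe(PDO $pdo, array $post, int $userId): string
{
    // FILTER_VALIDATE_INT returns false for anything that is not a
    // well-formed integer (e.g. "12abc" or a value containing a quote).
    $pid = filter_var($post['pid'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($pid === false) {
        http_response_code(400);
        return 'invalid product id';
    }

    try {
        $stmt = $pdo->prepare('SELECT id, price FROM products WHERE id = :pid');
        $stmt->execute([':pid' => $pid]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row) {
            return 'product not found';
        }

        $ins = $pdo->prepare(
            'INSERT INTO cart (user_id, product_id, qty) VALUES (:uid, :pid, 1)'
        );
        $ins->execute([':uid' => $userId, ':pid' => $pid]);
        return 'added';
    } catch (PDOException $e) {
        // Detail goes to the server log only; the client gets a generic reply.
        error_log('add_to_cart failed: ' . $e->getMessage());
        http_response_code(500);
        return 'internal error';
    }
}

// PDO setup that makes the hardened handler work as intended: errors are
// raised as exceptions (so the catch block sees them) and emulated prepares
// are disabled so the DBMS itself performs the parameter binding.
function make_pdo(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}
```

For detection and triage, the difference between the two handlers is also visible from the outside: the vulnerable shape answers malformed pid values with a 500 carrying DBMS error text, while the hardened shape answers them with a 400 and a fixed message, so web-server logs showing many 500 responses on ajax.php?action=add_to_cart with non-numeric pid values are a useful indicator that the unpatched code is deployed.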
