Read the post to know about vuln : https://medium.com/@lethanhphuc.pk/second-order-sql-injection-explained-with-example-f67fb199f5e5
- Create a database and import file db_sql.sql
- Copy folder sql2order into server localhost
Read the post to know how to exploit