Add php page vulnerable to sql injection.
parent
9ee6631831
commit
fa021341aa
|
@ -165,6 +165,7 @@ Vagrant.configure("2") do |config|
|
|||
chef.add_recipe "metasploitable::docker"
|
||||
chef.add_recipe "metasploitable::samba"
|
||||
chef.add_recipe "metasploitable::unrealircd"
|
||||
chef.add_recipe "metasploitable::payroll_app"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
-- phpMyAdmin SQL Dump
|
||||
-- version 3.5.8
|
||||
-- http://www.phpmyadmin.net
|
||||
--
|
||||
-- Host: 127.0.0.1
|
||||
-- Generation Time: Apr 10, 2017 at 04:42 PM
|
||||
-- Server version: 5.5.54-0ubuntu0.14.04.1
|
||||
-- PHP Version: 5.4.5
|
||||
|
||||
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
|
||||
SET time_zone = "+00:00";
|
||||
|
||||
|
||||
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
|
||||
/*!40101 SET NAMES utf8 */;
|
||||
|
||||
--
|
||||
-- Database: `payroll`
|
||||
--
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
-- Table structure for table `users`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `users` (
|
||||
`username` varchar(30) COLLATE utf8mb4_unicode_ci NOT NULL,
|
||||
`first_name` varchar(30) COLLATE utf8mb4_unicode_ci NOT NULL,
|
||||
`last_name` varchar(30) COLLATE utf8mb4_unicode_ci NOT NULL,
|
||||
`password` varchar(40) COLLATE utf8mb4_unicode_ci NOT NULL,
|
||||
`salary` int(20) NOT NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
--
|
||||
-- Dumping data for table `users`
|
||||
--
|
||||
|
||||
INSERT INTO `users` (`username`, `first_name`, `last_name`, `password`, `salary`) VALUES
|
||||
('luke_skywalker', 'Luke', 'Skywalker', 'password', 102000),
|
||||
('leia_organa', 'Leia', 'Organa', 'obiwan', 95600),
|
||||
('han_solo', 'Han', 'Solo', 'sh00t-first', 12000),
|
||||
('artoo_detoo', 'Artoo', 'Detoo', 'beep_b00p', 22000),
|
||||
('c_three_pio', 'C', 'Threepio', 'pr0t0c0l', 32000),
|
||||
('ben_kenobi', 'Ben', 'Kenobi', 'thats_no_moon', 1000000),
|
||||
('darth_vader', 'Darth', 'Vader', 'd@rk_sid3', 666000),
|
||||
('anakin_skywalker', 'Anakin', 'Skywalker', 'yipp33!!', 0),
|
||||
('jarjar_binks', 'Jar-Jar', 'Binks', 'mesah_p@ssw0rd', 2000),
|
||||
('lando_calrissian', 'Lando', 'Calrissian', 'b@ckstab', 4000000),
|
||||
('boba_fett', 'Boba', 'Fett', 'mandalorian1', 2000000),
|
||||
('jabba_hutt', 'Jabba', 'The Hutt', 'not-a-slug12', 10000000),
|
||||
('greedo', 'Greedo', 'Rodian', 'hanShotFirst!', 500000),
|
||||
('chewbacca', 'Chewbacca', '', 'rwaaaaawr5', 4500),
|
||||
('kylo_ren', 'Kylo', 'Ren', 'daddy_issues1', 66600);
|
||||
|
||||
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
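Review bot: `users` is created without a primary key or unique index, so duplicate `username` rows are accepted and a repeated import silently doubles the table; adding `PRIMARY KEY (username)` to the `CREATE TABLE` would prevent that. The `password` column stores the credentials in cleartext. If that is part of the exercise, a dump comment such as `-- NOTE: cleartext passwords are intentional for this lab target` above the `INSERT` would record it; otherwise the column should hold a salted hash.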
|
|
@ -0,0 +1,50 @@
|
|||
<?php
|
||||
|
||||
$conn = new mysqli('127.0.0.1', 'root', 'sploitme', 'payroll');
|
||||
if ($conn->connect_error) {
|
||||
die("Connection failed: " . $conn->connect_error);
|
||||
}
|
||||
?>
|
||||
|
||||
<form action="" method="post">
|
||||
<table width="50%">
|
||||
<tr>
|
||||
<td>User</td>
|
||||
<td><input type="text" name="user"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td></td>
|
||||
<td><input type="text" name="password"></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="submit" value="OK" name="s">
|
||||
</form>
|
||||
|
||||
<?php
|
||||
if($_POST['s']){
|
||||
$user = $_POST['user'];
|
||||
$pass = $_POST['password'];
|
||||
$sql = "select username, first_name, last_name, salary from users where username = '$user' and password = '$pass'";
|
||||
|
||||
if ($conn->multi_query($sql)) {
|
||||
do {
|
||||
/* store first result set */
|
||||
echo "<table border=1>";
|
||||
echo "<tr><th>Username</th><th>First Name</th><th>Last Name</th><th>Salary</th></tr>";
|
||||
if ($result = $conn->store_result()) {
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$keys = array_keys($row);
|
||||
echo "<tr>";
|
||||
foreach ($keys as $key) {
|
||||
echo "<td>" . $row[$key] . "</td>";
|
||||
}
|
||||
}
|
||||
$result->free();
|
||||
}
|
||||
if (!$conn->more_results()) {
|
||||
echo "</table>";
|
||||
}
|
||||
} while ($conn->next_result());
|
||||
}
|
||||
}
|
||||
?>
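Review bot: Nothing in this file marks which weaknesses are deliberate: the `$sql = "select ... '$user' and password = '$pass'"` line interpolates the two `$_POST` values directly, runs through `multi_query()` (which accepts more than one statement per call) and connects as `root`, and per the commit title that is the intended training flaw. A header comment such as `// Intentionally vulnerable: unparameterised query, multi_query(), root DB account` would separate that from the incidental bugs. Two of those are visible here: `if($_POST['s'])` reads an index that is unset on a plain GET and should be `if (isset($_POST['s']))`, and the `echo "<tr>";` inside the row loop is never matched by `echo "</tr>";`, so the result table is malformed. The cells are also echoed without `htmlspecialchars()`, so stored values render as markup; if that is not meant to be a second exercise it should be escaped.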
|
|
@ -0,0 +1,21 @@
|
|||
#
|
||||
# Cookbook:: metasploitable
|
||||
# Recipe:: payroll_app
|
||||
# Copyright:: 2017, Rapid7, All Rights Reserved.
|
||||
|
||||
cookbook_file '/var/www/html/payroll_app.php' do
|
||||
source 'payroll_app/payroll_app.php'
|
||||
mode '0755'
|
||||
end
|
||||
|
||||
cookbook_file '/tmp/payroll.sql' do
|
||||
source 'payroll_app/payroll.sql'
|
||||
mode '0755'
|
||||
end
|
||||
|
||||
bash 'create payroll database and import data' do
|
||||
code <<-EOH
|
||||
mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="sploitme" --execute="CREATE DATABASE payroll;"
|
||||
mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="sploitme" payroll < /tmp/payroll.sql
|
||||
EOH
|
||||
end
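Review bot: The `bash 'create payroll database and import data'` resource is not idempotent: on a second converge `CREATE DATABASE payroll;` fails because the database already exists, and if that were relaxed the import would append the same fifteen rows again, since `users` has no key. A guard on the resource, e.g. `not_if "mysql -S /var/run/mysql-default/mysqld.sock --user=root --password=sploitme --execute='USE payroll'"`, keeps re-provisioning clean. Both `cookbook_file` resources use `mode '0755'`; neither the PHP page nor the SQL dump needs the execute bit, so `mode '0644'` is enough unless the loose mode is part of the exercise.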
|
|
@ -35,7 +35,7 @@ end
|
|||
bash "compile and install php" do
|
||||
code <<-EOH
|
||||
cd /home/vagrant/php-5.4.5
|
||||
./configure --with-apxs2=/usr/bin/apxs --with-mysql
|
||||
./configure --with-apxs2=/usr/bin/apxs --with-mysqli --enable-embedded-mysqli
|
||||
make
|
||||
make install
|
||||
EOH
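Review bot: Replacing `--with-mysql` in the `./configure` line removes the legacy `mysql_*` extension from the build, so any other page provisioned on this box that still calls `mysql_connect()` would stop working; nothing on this page shows whether such pages exist. If they do, keep both extensions: `./configure --with-apxs2=/usr/bin/apxs --with-mysql --with-mysqli`. `--enable-embedded-mysqli` appears to select the embedded-server library, which a page connecting to `127.0.0.1` should not need, so it is worth confirming the flag is intended. The `bash` resource's closing `end` is outside the hunk.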
|
||||
|
|