PHP Address Book SQL Injection Vulnerability in photo.php

Vulnerability

A time-based blind SQL injection vulnerability has been identified in PHP Address Book version 9.0.0.1. Remote attackers can manipulate database queries by injecting crafted SQL statements through the 'id' parameter of the photo.php endpoint. The injected SQL adds time delays, and information is extracted by analyzing the response times.

Impact

Exploitation of this vulnerability allows for time-based blind SQL injection, where an attacker can manipulate SQL queries and potentially extract sensitive information from the database by observing response time variations.

Reproduction

To reproduce this vulnerability, send a request to the photo.php endpoint with a crafted 'id' parameter that contains a SQL injection payload. The payload should introduce a time delay, for example with the SQL SLEEP function. If the application is vulnerable, the response is delayed by the duration specified in the payload, indicating successful exploitation.
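
The behaviour described above leaves a recognisable trace in web server logs: photo.php requests whose 'id' value is not a plain integer, answered after an unusual delay. The following detection sketch is an added example, not code from PHP Address Book or from this advisory. The log layout (method, URL, status, response seconds), the /addressbook/ path, the 3-second threshold and the sample lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real traffic): method, URL, status, response seconds.
SAMPLE_LOG = """\
GET /addressbook/photo.php?id=12 200 0.041
GET /addressbook/photo.php?id=12%20AND%20SLEEP(5) 200 5.048
GET /addressbook/photo.php?id=7 200 3.912
GET /addressbook/index.php?id=abc 200 0.030
"""

# MySQL functions commonly used to introduce a delay; the advisory names SLEEP.
DELAY_FUNCS = re.compile(r"\b(sleep|benchmark)\b", re.I)
SLOW_SECONDS = 3.0  # assumed threshold; tune to the site's normal latency


def classify(line):
    """Return the reasons a photo.php request looks like time-based probing."""
    method, url, status, secs = line.split()
    parts = urlsplit(url)
    if not parts.path.endswith("/photo.php"):
        return []  # only the endpoint named in the advisory is in scope
    reasons = []
    # parse_qs percent-decodes values, so encoded payloads are inspected in clear.
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if not value.isdigit():
            reasons.append("non-numeric id")
        if DELAY_FUNCS.search(value):
            reasons.append("delay function in id")
    # A slow response alone is ordinary latency; it only corroborates a bad id.
    if reasons and float(secs) >= SLOW_SECONDS:
        reasons.append("response delayed")
    return reasons


def scan(log_text):
    """Map 1-based line numbers to the reasons each suspicious line was flagged."""
    findings = {}
    for number, line in enumerate(log_text.splitlines(), 1):
        reasons = classify(line)
        if reasons:
            findings[number] = reasons
    return findings


if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG).items():
        print(f"line {number}: {', '.join(reasons)}")
```

The non-numeric check is the durable signal, since it matches any 'id' value that is not a plain integer regardless of how the delay is expressed.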

Added: Feb 3, 2026, 10:42 PM
Updated: Feb 3, 2026, 10:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 3.1
exploitability: 9.5
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.