Multiple SQL Injection Vulnerabilities on Web Cookbook found by Security Researcher

Saadat Ullah, an independent Pakistani security researcher, has found multiple SQL injection vulnerabilities in Web Cookbook. He has also found SQL injection and XSS vulnerabilities in nconf-1.3, Plogger Gallery and the MyBB plugin PRO STAT.

Vulnerability details are given below:

# Exploit Title: Web Cookbook Multiple SQL Injection
# Date: 2013/3/12
# Exploit Author: Saadat Ullah , [email protected]
# Software Link: http://sourceforge.net/projects/webcookbook/
# Author HomePage: http://security-geeks.blogspot.com/
# Tested on: Server: Apache/2.2.15 (CentOS) PHP/5.3.3

# SQL Injection

http://localhost/cook/searchrecipe.php?sstring=[SQLi]

http://localhost/cook/showtext.php?mode=[SQLi]

http://localhost/cook/searchrecipe.php?mode=1&title=[SQLi]&prefix=&preparation=&postfix=&tipp=&ingredient=

All GET fields are vulnerable to SQLi

A simple non-persistent (reflected) XSS
http://localhost/cook/searchrecipe.php?mode=1&title=&prefix=&preparation=&postfix=&tipp=&ingredient=
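To show the class of bug reported above from the defender's side, here is an added PHP illustration that is not Web Cookbook's own code: a hypothetical searchrecipe.php query that concatenates the sstring parameter (reproducing the reported SQLi pattern), the same query rewritten with a prepared statement, and output encoding for the reflected XSS. The table and column names (recipes, id, title) and the $pdo connection are assumptions.

```php
<?php
// Added illustration, not Web Cookbook's code. Table/column names are assumed.

// Vulnerable pattern (hypothetical): the sstring GET parameter is concatenated
// straight into the SQL text, so a quote character in it changes the query.
function searchRecipesVulnerable(PDO $db, string $sstring): array
{
    $sql = "SELECT id, title FROM recipes WHERE title LIKE '%" . $sstring . "%'";
    $stmt = $db->query($sql);   // user-controlled text is executed as SQL here
    return $stmt ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
}

// Fixed pattern: a prepared statement keeps the query structure fixed and sends
// the search string as a bound parameter, so it can only ever be treated as data.
function searchRecipesFixed(PDO $db, string $sstring): array
{
    $stmt = $db->prepare('SELECT id, title FROM recipes WHERE title LIKE :pattern');
    // Escape LIKE metacharacters so the user cannot inject extra wildcards
    // (MySQL's default LIKE escape character is the backslash).
    $pattern = '%' . addcslashes($sstring, '%_\\') . '%';
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output side (the reflected XSS on the same page): HTML-encode the search term
// before echoing it back instead of printing $_GET['title'] raw.
function renderSearchTerm(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage (assumes an existing PDO connection $pdo to the application's database):
// $term = $_GET['sstring'] ?? '';
// $rows = searchRecipesFixed($pdo, $term);
// echo '<p>Results for ' . renderSearchTerm($term) . '</p>';
```

The same bound-parameter treatment applies to every GET field the advisory lists (mode, title, prefix, preparation, postfix, tipp, ingredient), not only sstring.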
