Produce : Open Guestbook 0.5
Site : http://sourceforge.net/projects/openguestbook
Discovred by: Moroccan Security Team (Simo64)
Greetz to : And All Friends :)
Details :
=========
[+]Cross Site Scripting
************************
[-]vulnerable code in header.php on line 5
[1] <html>
[2]
[3] <head>
[4]
[5] <title><? echo "$title"; ?></title>
--------------------
Exploit : http://localhost/openguestbook/header.php?title=</title>[XSS]
[-] Solution
edit line 5 on header.php
[5] <title><? echo htmlspecialchars($title); ?></title>
[+]SQL Injection
******************
[-]vulnerable code near lines 23 - 28
[23] if (empty($offset)) {
[24] $offset=0;
[25] }
[26]
[27] // get results
[28] $result=mysql_query("SELECT * FROM $tentries ORDER BY ID DESC limit $offset,$limit");
[-]Exploit : http://localhost/openguestbook/view.php?offset=[SQL]
[-]Solution :
edit line 23 in view.php
[23] if (empty($offset) OR !is_numeric($offset) {
[24] $offset=0;
[+] Contact :
**************
simo64[at]gmail[dot]com
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum