Max's Guestbook 1.0 Multiple Remote Vulnerabilities

2012-03-14T00:00:00
ID EDB-ID:36967
Type exploitdb
Reporter n0tch
Modified 2012-03-14T00:00:00

Description

Max's Guestbook 1.0 Multiple Remote Vulnerabilities. Webapps exploit for the PHP platform.

                                        
source: http://www.securityfocus.com/bid/52471/info

Max's Guestbook is prone to multiple remote vulnerabilities.

Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, and execute arbitrary local scripts in the context of the webserver process. Other attacks are also possible.

Max's Guestbook 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/max/index.php?page=../../../../../../../../../../../../../../../../../etc/passwd%00
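
Added example (not part of the original advisory or of Max's Guestbook): a defender-side access-log check for requests shaped like the URL above, flagging `page` values that contain a `..` path segment or a NUL byte after percent-decoding. The log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

PARAM = "page"  # parameter name taken from the advisory's URL
# Request field of an access-log line (assumed common/combined log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A ".." path segment bounded by a separator or the start/end of the value.
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, rounds=3):
    """Percent-decode several times so double-encoded input is normalised too."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def inspect_target(target):
    """Return reasons why the `page` parameter of a request target is suspicious."""
    reasons = set()
    for pair in urlsplit(target).query.split("&"):
        name, _, raw = pair.partition("=")
        if fully_decode(name) != PARAM:
            continue
        value = fully_decode(raw)
        if DOTDOT_RE.search(value):
            reasons.add("dot-dot segment")
        if "\x00" in value:
            reasons.add("NUL byte")
    return sorted(reasons)


def scan(log_lines):
    """Return (line_number, reasons) for every log line that needs review."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        reasons = inspect_target(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Mar/2012:10:00:01 +0000] "GET /max/index.php?page=about HTTP/1.1" 200 512',
    '192.0.2.11 - - [14/Mar/2012:10:00:05 +0000] "GET /max/index.php?page=../../../etc/passwd%00 HTTP/1.1" 200 1043',
    '192.0.2.12 - - [14/Mar/2012:10:00:09 +0000] "GET /max/index.php?page=%252e%252e%252fconfig HTTP/1.1" 200 88',
    '192.0.2.13 - - [14/Mar/2012:10:00:12 +0000] "GET /max/index.php?page=news..archive HTTP/1.1" 200 640',
]
```

`scan(SAMPLE_LOG)` reports lines 2 and 3 only; the benign `about` and `news..archive` values are not flagged because `..` counts only as a whole path segment.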