Vulners
Lucene search
LS Simple Guestbook 1.0 - Remote Code Execution
########################################################
# Special Greetings To - Timq,Warpboy,The-Maggot #
########################################################
File: index.php
Affects: LS simple guestbook (v1)
Date: 15th April 2007
Issue Description:
===========================================================================
LS simple guestbook fails to sanitize user input that it writes to the
posts.txt file when the user leaves a message, this file is then included
causing any php code within it to be run.
===========================================================================
Scope:
===========================================================================
An attacker can inject arbitrary php code and potentially execute commands
on the system.
===========================================================================
Recommendation:
===========================================================================
Add the following line of code in index.php:
$message = strip_tags($message);
just above:
if ($message != "") {$file = fopen("$dataf","a");
===========================================================================
Example:
name = Test
message = <?php phpinfo(); ?>
Discovered By: Gammarays
# milw0rm.com [2007-04-14]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Apr 2007 00:00Current
7.4High risk
Vulners AI Score7.4