Lucene search

K

openGuestbook.txt

🗓️ 27 Jun 2006 00:00:00Reported by Simo64 Moroccan Security TeamType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 22 Views

Open Guestbook 0.5, XSS and SQL Injection vulnerabilitie

Show more
Code
`Produce : Open Guestbook 0.5  
Site : http://sourceforge.net/projects/openguestbook  
Discovred by: Moroccan Security Team (Simo64)  
Greetz to : And All Friends :)  
  
Details :  
=========  
  
[+]Cross Site Scripting  
************************  
  
[-]vulnerable code in header.php on line 5  
  
[1] <html>  
[2]  
[3] <head>  
[4]  
[5] <title><? echo "$title"; ?></title>  
  
--------------------  
  
Exploit : http://localhost/openguestbook/header.php?title=</title>[XSS]  
  
[-] Solution  
  
edit line 5 on header.php  
  
[5] <title><? echo htmlspecialchars($title); ?></title>  
  
  
[+]SQL Injection   
******************  
  
[-]vulnerable code near lines 23 - 28  
  
[23] if (empty($offset)) {  
[24] $offset=0;  
[25] }  
[26]   
[27] // get results  
[28] $result=mysql_query("SELECT * FROM $tentries ORDER BY ID DESC limit $offset,$limit");  
  
[-]Exploit : http://localhost/openguestbook/view.php?offset=[SQL]  
  
[-]Solution :  
  
edit line 23 in view.php   
  
[23] if (empty($offset) OR !is_numeric($offset) {  
[24] $offset=0;  
  
  
[+] Contact :  
**************  
  
simo64[at]gmail[dot]com  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo