‹‹ 上一主题 | 下一主题 ››
发新话题
打印

[转载]Advanced Guestbook 2.2 -- SQL Injection Exploit

exploit

荣誉会员

Rank: 6Rank: 6Rank: 6

E.S.T论坛贵宾

帖子
1449 
精华
90 
积分
8884 
阅读权限
100 
性别
男 
来自
河北 
在线时间
153 小时 
注册时间
2013-12-25 
最后登录
2007-4-6 

优秀管理奖 资料收集奖

楼主 发表于 2005-2-15 08:51  只看该作者

[转载]Advanced Guestbook 2.2 -- SQL Injection Exploit

List:     bugtraq
Subject:   Re: Advanced Guestbook 2.2 -- SQL Injection Exploit
From:     <mary () gmbwebworks ! com>
Date:     2005-02-12 20:37:32
Message-ID: <20050212203732.10241.qmail () www ! securityfocus ! com>
[Download message RAW]

In-Reply-To: <20040421103632.8258.qmail@www.securityfocus.com>

> Received: (qmail 26376 invoked from network); 21 Apr 2004 20:40:00 -0000
> Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) \
> (205.206.231.26) by mail.securityfocus.com with SMTP; 21 Apr 2004 20:40:00 -0000
> Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
> by outgoing.securityfocus.com (Postfix) with QMQP
> id EEF39143805; Wed, 21 Apr 2004 22:32:37 -0600 (MDT)
> Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
> Precedence: bulk
> List-Id: <bugtraq.list-id.securityfocus.com>
> List-Post: <mailto:bugtraq@securityfocus.com>
> List-Help: <mailto:bugtraq-help@securityfocus.com>
> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
> Delivered-To: mailing list bugtraq@securityfocus.com
> Delivered-To: moderator for bugtraq@securityfocus.com
> Received: (qmail 3881 invoked from network); 21 Apr 2004 09:08:27 -0000
> Date: 21 Apr 2004 10:36:32 -0000
> Message-ID: <20040421103632.8258.qmail@www.securityfocus.com>
> Content-Type: text/plain
> Content-Disposition: inline
> Content-Transfer-Encoding: binary
> MIME-Version: 1.0
> X-Mailer: MIME-tools 5.411 (Entity 5.404)
> From: JQ <idiosyncrasie@xs4all.nl>
> To: bugtraq@securityfocus.com
> Subject: Advanced Guestbook 2.2 -- SQL Injection Exploit
>
>
>
> The widely-used Advanced Guestbook 2.2 webapplication (PHP, MySQL) appears \
> vulnerable to SQL Injection granting the attacker administrator access. The attack \
> is very simple and consists of inputting the following password string leaving the \
> username entry blank:
> &#39;) OR (&#39;a&#39; = &#39;a
>
> Regards,
>
> JQ
>
Upgrading an installation of Advanced Guestbook 2.2 to version 2.3.1 will fix this \
vulnerability.


后台admin.php   &#39;or&#39;&#39;=&#39;

Advanced Guestbook 2.2
Powered by PHP & MySQL - http://http://www.proxy2.de
益友网吧联盟  http://www.96-7.com

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题