OpenGuestbook Cross Site Scripting & SQL Injection



OpenGuestbook Cross Site Scripting & SQL Injection
OpenGuestbook Cross Site Scripting & SQL Injection



Product     : Open Guestbook 0.5
Site        : http://sourceforge.net/projects/openguestbook
Discovered by: Moroccan Security Team (Simo64)
Greetz to   : And All Friends :)

Details :
=========

[+]Cross Site Scripting
************************

  [-]vulnerable code in header.php on line 5

  [1]
  [2]
  [3]
  [4]
  [5]  <? echo "$title"; ?>

   --------------------

Exploit : http://localhost/openguestbook/header.php?title=[XSS]

  [-] Solution

  edit line 5 on header.php

  [5] <? echo htmlspecialchars($title); ?>

[+]SQL Injection
******************

   [-]vulnerable code near lines 23 - 28

   [23]  if (empty($offset)) {
   [24]  $offset=0;
   [25]  }
   [26]
   [27]  // get results
   [28]  $result=mysql_query("SELECT * FROM $tentries ORDER BY ID DESC limit $offset,$limit");

[-]Exploit : http://localhost/openguestbook/view.php?offset=[SQL]

   [-]Solution :

   edit line 23 in view.php

   [23]  if (empty($offset) OR !is_numeric($offset)) {
   [24]  $offset=0;

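The two one-line fixes above work, but a few details matter in practice: htmlspecialchars() without ENT_QUOTES leaves single quotes alone, and is_numeric() accepts values such as "1e3" or " 5" that are not plain offsets. The block below is an added example written for this advisory, not code from OpenGuestbook or its author. It assumes the variable names the advisory shows ($title, $offset, $limit, $tentries), that $title and $offset arrive straight from the query string as the exploit URLs imply, and that $tentries comes from the application's own configuration; the function names are ours.

```php
<?php
// Added example (not OpenGuestbook's own code): hardened replacements for the
// two spots named in the advisory, using the same variable names it shows.

// header.php, line 5: encode the title for an HTML context before output.
// ENT_QUOTES also encodes single quotes, so the value is safe inside
// single-quoted attribute values as well as in element content.
function render_title($title)
{
    return htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8');
}

// view.php, line 23: is_numeric() accepts "1e3" and " 5", so cast to int
// instead and fall back to the default for negatives, which LIMIT rejects.
function sanitize_offset($offset, $default = 0)
{
    $n = (int) $offset;
    return $n >= 0 ? $n : $default;
}

// $limit is assumed to be request-controlled too; bound it as well.
function sanitize_limit($limit, $default = 10, $max = 100)
{
    $n = (int) $limit;
    if ($n < 1 || $n > $max) {
        return $default;
    }
    return $n;
}

// Build the LIMIT clause only from validated integers. $tentries is a table
// name from the application's configuration, never from the request; it is
// backtick-quoted so an odd table name cannot break the statement either.
function entries_query($tentries, $offset, $limit)
{
    return sprintf(
        "SELECT * FROM `%s` ORDER BY ID DESC LIMIT %d,%d",
        str_replace('`', '``', $tentries),
        sanitize_offset($offset),
        sanitize_limit($limit)
    );
}

// Constructed inputs, not real requests: the advisory's [XSS] and [SQL]
// placeholders filled with illustrative values to show the encoding and the
// cast at work. In view.php the result of entries_query() would replace the
// string passed to mysql_query() on line 28.
if (PHP_SAPI === 'cli') {
    echo render_title('<b onmouseover="x">title</b>'), "\n";
    echo entries_query('entries', '0 UNION SELECT 1', '10'), "\n";
}
```

Casting with (int) turns any non-numeric prefix into 0, so a tampered offset simply yields the first page rather than an altered query; sprintf()'s %d guarantees the interpolated values are integers regardless of what was passed in.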

[+] Contact :
**************

simo64[at]gmail[dot]com

