Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Guestbooks :: hack2365.htm

Advanced Guestbook 2.2 -- SQL Injection Exploit



Advanced Guestbook 2.2 -- SQL Injection Exploit



The widely-used Advanced Guestbook 2.2 webapplication (PHP, MySQL) appears vulnerable to SQL Injection granting the attacker administrator access. The attack is very simple and consists of inputting the following password string leaving the username entry blank:



') OR ('a' = 'a



Regards,



JQ


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH