LS simple guestbook - arbitrary code execution

########################################################
#   Special Greetings To - Timq,Warpboy,The-Maggot     #
########################################################

File: index.php
Affects: LS simple guestbook (v1)
Date: 15th April 2007

Issue Description:
==========================================================================
LS simple guestbook fails to sanitize user input that it writes to the
posts.txt file when the user leaves a message. This file is then included,
causing any PHP code within it to be run.
==========================================================================
Scope:
==========================================================================
An attacker can inject arbitrary PHP code and potentially execute commands
on the system.
==========================================================================
Recommendation:
==========================================================================
Add the following line of code in index.php:

$message = strip_tags($message);

just above: 

if ($message != "") {$file = fopen("$dataf","a");
==========================================================================
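
The recommendation above, carried one step further as an added example (not code from the advisory or from the guestbook): input is stripped and encoded before it is written, and the data file is read back as text instead of being included. $dataf mirrors the variable named in the advisory; save_post(), render_posts() and the temp-file path are hypothetical.

```php
<?php
// Added example, not the guestbook's own code. $dataf mirrors the variable
// named in the advisory; save_post() and render_posts() are hypothetical.
$dataf = sys_get_temp_dir() . '/posts_demo.txt';   // stand-in for posts.txt
file_put_contents($dataf, '');                      // start from an empty file

function save_post(string $dataf, string $name, string $message): bool
{
    // Drop markup (strip_tags also removes PHP open/close tags), then encode
    // what is left so no "<" can ever reach the data file.
    $clean = static function (string $s): string {
        $s = strip_tags($s);
        $s = str_replace(["\r", "\n"], ' ', $s);    // keep one post per line
        return htmlspecialchars(trim($s), ENT_QUOTES, 'UTF-8');
    };
    $name = $clean($name);
    $message = $clean($message);
    if ($message === '') {
        return false;                               // nothing left to store
    }
    // LOCK_EX avoids interleaved writes from concurrent requests.
    $line = "$name: $message\n";
    return file_put_contents($dataf, $line, FILE_APPEND | LOCK_EX) !== false;
}

function render_posts(string $dataf): string
{
    // Read the file as data. Unlike include, file_get_contents never hands
    // the contents to the PHP interpreter.
    return nl2br((string) file_get_contents($dataf));
}

// Constructed sample input: a harmless marker wrapped in PHP tags, and a
// message with ordinary HTML and special characters.
save_post($dataf, 'Test', 'hello <?php echo "MARKER"; ?> world');
save_post($dataf, 'Test', '<b>bold</b> & "quoted"');

// Check that no PHP open tag was stored, then show the rendered posts.
$stored = file_get_contents($dataf);
var_dump(strpos($stored, '<?') === false);
echo render_posts($dataf), PHP_EOL;
unlink($dataf);
```

Reading the file as data removes the execution path even if a filter on the write side is later weakened or bypassed.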

Example:

name = Test
message = 


Discovered By: Gammarays

