Bugtraq mailing list archives

Advanced Guestbook 2.2 -- SQL Injection Exploit


From: JQ <idiosyncrasie () xs4all nl>
Date: 21 Apr 2004 10:36:32 -0000



The widely-used Advanced Guestbook 2.2 web application (PHP, MySQL) appears vulnerable to SQL injection, granting the attacker administrator access. The attack is very simple and consists of inputting the following password string, leaving the username entry blank:

') OR ('a' = 'a

Regards,

JQ
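
Added example, not part of the original post and not Advanced Guestbook's code: a login check built by string concatenation next to the same check with bound parameters, run against the password string quoted above. The query shape (a quoted value inside a hash-function call), the `auth` table, the `PWHASH` function and the use of SQLite in place of MySQL are assumptions made for illustration.

```python
import hashlib
import sqlite3

# Password string quoted from the advisory above.
PAYLOAD = "') OR ('a' = 'a"


def _hash(value):
    # Stand-in for a SQL-side password hash function (assumption).
    return hashlib.sha256(value.encode()).hexdigest()


def make_db():
    # Constructed in-memory table; the real schema is not shown in the post.
    conn = sqlite3.connect(":memory:")
    conn.create_function("PWHASH", 1, _hash)
    conn.execute(
        "CREATE TABLE auth (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO auth (username, password) VALUES (?, ?)",
        ("admin", _hash("correct horse")),
    )
    return conn


def login_concatenated(conn, username, password):
    # Vulnerable pattern: input is spliced into the SQL text, so its quote and
    # parenthesis close the PWHASH('...') call and append an always-true OR.
    sql = (
        "SELECT id FROM auth WHERE username = '%s' AND password = PWHASH('%s')"
        % (username, password)
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    sql = "SELECT id FROM auth WHERE username = ? AND password = PWHASH(?)"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, "", PAYLOAD))
    print("parameterized:", login_parameterized(db, "", PAYLOAD))
```

Because AND binds tighter than OR, the concatenated WHERE clause is true for every row, while the bound version compares the whole string as a literal password and rejects it.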

