Bugtraq mailing list archives

OpenGuestbook Cross Site Scripting & SQL Injection


From: simo64 () gmail com
Date: 25 Jun 2006 07:07:33 -0000

Product      : Open Guestbook 0.5
Site         : http://sourceforge.net/projects/openguestbook
Discovered by: Moroccan Security Team (Simo64)
Greetz to   : And All Friends :)

Details :
=========

[+]Cross Site Scripting
************************

  [-]vulnerable code in header.php on line 5

  [1]  <html>
  [2]
  [3]  <head>
  [4]
  [5]  <title><? echo "$title"; ?></title>
  
   --------------------
   
   Exploit : http://localhost/openguestbook/header.php?title=</title>[XSS]
   
  [-] Solution
  
  edit line 5 on header.php
  
  [5] <title><? echo htmlspecialchars($title); ?></title>
   
   
[+]SQL Injection 
******************

   [-]vulnerable code near lines 23 - 28
   
   [23]  if (empty($offset)) {
   [24]  $offset=0;
   [25]  }
   [26]  
   [27]  // get results
   [28]  $result=mysql_query("SELECT * FROM $tentries ORDER BY ID DESC limit $offset,$limit");

   [-]Exploit : http://localhost/openguestbook/view.php?offset=[SQL]

   [-]Solution :
   
   edit line 23 in view.php 
   
   [23]  if (empty($offset) OR !is_numeric($offset)) {
   [24]  $offset=0;

   
[+] Contact :
**************

simo64[at]gmail[dot]com
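
Added example (not part of the original advisory, and not Open Guestbook code): a stricter form of both fixes, using an integer filter for the offset, since is_numeric() also accepts values such as "1e3", "1.5" and "-1" that are not valid LIMIT arguments. The function names safe_offset, safe_title and entries_query are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example; function names are hypothetical, inputs are constructed.

// Return a non-negative integer offset, or 0 for anything else.
// filter_var() yields an int or false, so no string reaches the query.
function safe_offset($raw, $max = 1000000)
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 0, 'max_range' => $max)));
    return ($n === false) ? 0 : $n;
}

// Escape a value for an HTML text context such as <title>.
function safe_title($raw)
{
    return htmlspecialchars((string) $raw, ENT_QUOTES, 'UTF-8');
}

// Build the view.php query with both LIMIT arguments forced to integers.
// Assumption: $tentries comes from the application's own configuration.
function entries_query($tentries, $rawOffset, $limit)
{
    return sprintf('SELECT * FROM %s ORDER BY ID DESC LIMIT %d,%d',
        $tentries, safe_offset($rawOffset), (int) $limit);
}

// Compare is_numeric() with the integer filter on constructed inputs.
$samples = array('5', '1e3', '1.5', '-1', '10 extra', '');
foreach ($samples as $s) {
    printf("%-12s is_numeric=%-6s safe_offset=%d\n",
        var_export($s, true),
        var_export(is_numeric($s), true),
        safe_offset($s));
}

echo entries_query('entries', '10 extra', 20), "\n";
echo '<title>', safe_title('</title><b>constructed</b>'), "</title>\n";
```
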

