Advanced Guestbook 2.2 -- SQL Injection Exploit
Author: Anonymous    Source: Unknown    Updated: 2007-1-25 10:44:22

List:       bugtraq
Subject:    Re: Advanced Guestbook 2.2 -- SQL Injection Exploit
From:       <mary () gmbwebworks ! com>
Date:       2005-02-12 20:37:32
Message-ID: <20050212203732.10241.qmail () www ! securityfocus ! com>

In-Reply-To: <20040421103632.8258.qmail@www.securityfocus.com>

> Date: 21 Apr 2004 10:36:32 -0000
> Message-ID: <20040421103632.8258.qmail@www.securityfocus.com>
> From: JQ <idiosyncrasie@xs4all.nl>
> To: bugtraq@securityfocus.com
> Subject: Advanced Guestbook 2.2 -- SQL Injection Exploit
>
>
>
> The widely-used Advanced Guestbook 2.2 web application (PHP, MySQL) appears
> vulnerable to SQL Injection granting the attacker administrator access. The attack
> is very simple and consists of inputting the following password string leaving the
> username entry blank:
> ') OR ('a' = 'a
>
> Regards,
>
> JQ
>
Upgrading an installation of Advanced Guestbook 2.2 to version 2.3.1 will fix this
vulnerability.


Admin panel admin.php    'or''='

Advanced Guestbook 2.2
Powered by PHP & MySQL - http://http://www.proxy2.de
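
Added example, not part of the original posts and not Advanced Guestbook's own code: why the quoted password string changes the login check, and how bound parameters stop it. The query shape (password placed inside a SQL function call), the table and column names, and the PASSWORD() stand-in registered on SQLite in place of MySQL are all assumptions made for illustration.

```python
import hashlib
import sqlite3

PAGE_STRING = "') OR ('a' = 'a"   # the password string quoted in the post above

def stand_in_hash(pw):
    # Stand-in for a database-side password function (assumption, not a recommendation).
    return hashlib.sha256(pw.encode()).hexdigest()

def make_db():
    # Constructed sample data: one administrator row in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.create_function("PASSWORD", 1, stand_in_hash)
    db.execute("CREATE TABLE auth (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO auth (username, password) VALUES (?, ?)",
               ("admin", stand_in_hash("constructed-secret")))
    return db

def build_vulnerable_sql(username, password):
    # Assumed 'before' form: user input is pasted into the SQL text.
    return ("SELECT id FROM auth WHERE username = '%s' "
            "AND password = PASSWORD('%s')" % (username, password))

def login_vulnerable(db, username, password):
    return db.execute(build_vulnerable_sql(username, password)).fetchone() is not None

def login_hardened(db, username, password):
    # Bound parameters: the input is only ever a value, never SQL syntax.
    sql = "SELECT id FROM auth WHERE username = ? AND password = PASSWORD(?)"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    # The input closes the string and the function call, then appends an OR term.
    # AND binds tighter than OR, so the WHERE clause becomes
    # (username = '' AND password = PASSWORD('')) OR ('a' = 'a'), true for every row.
    print(build_vulnerable_sql("", PAGE_STRING))
    print("vulnerable:", login_vulnerable(db, "", PAGE_STRING))
    print("hardened:  ", login_hardened(db, "", PAGE_STRING))
    print("valid user:", login_hardened(db, "admin", "constructed-secret"))
```
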

[Reposted from 世纪安全网, http://www.21safe.com]