If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Advanced Guestbook 2.2 -- SQL Injection Exploit  XML
Forum Index » Support Forum
Author Message
Jam'n
Graduate
[Avatar]

Joined: 07/01/2003 17:31:39
Messages: 166
Location: Netherlands
Offline

I found out that Advanced Guestbook 2.2 appears vulnerable to SQL Injection granting the attacker administrator access. The attack is very simple and consists of inputting a special password string leaving the username entry blank:

So I suggest you upgrade to the latest version.

Jam'n


------------------------------------------------

Only the man who's truly educated
understands that he knows very little...

------------------------------------------------
[WWW]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum