Security
cndgirl
Beginner

Joined: 17/04/2004 18:27:27
Messages: 13
Offline

Are there some security issues with this guestbook? I know the first time I installed, I made the mistake of deleting my database. BUT this time I once again lost my guestbook and it wasn't on my part!! wtf is going on with this script?
mittineague
Newbie

Joined: 05/06/2004 00:51:53
Messages: 1
Location: Massachusetts
Offline

I am using Guestbook v2.2 on a LAMP server. Periodically I check it for new posts. Today (June 6, '04), the page displayed only the logo and the sign and admin links, and hung. When I checked the database tables, the data table was intact. However, the config table had been altered. The font_face field had been changed to end the font tag and write an iframe tag leading to another site, where the first action was an attempt to overwrite the browser's "home" setting. Although I have not been able to replicate the table alteration, I believe that the SECURITY HOLE is in the application's use of $_POST_VARS, and their not being validated. I have added a $_SESSION check - redirect, to my guestbook pages to limit its use to legitimate site visitors. I will next add a preg_replace() to validate the $_POST_VARS. Hope this helps!

I have not failed. I've just found 10,000 ways that won't work. ~Thomas Edison
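
Added example, not part of the posts above and not Guestbook v2.2 code: one way to keep a stored font_face value from closing the font tag, by checking submitted values against an allowlist before they reach the config table and encoding the stored value when the page is rendered. The function names, the font list and the sample value are assumptions made for illustration.

```php
<?php
// Added illustration; not taken from the guestbook script.
// Hypothetical allowlist of font names the admin form may store.
const ALLOWED_FONTS = ['Arial', 'Verdana', 'Georgia', 'Times New Roman', 'Courier New'];

/**
 * Validate a submitted font_face value (hypothetical helper).
 * Returns the canonical font name, or null when the value is not allowed.
 */
function validate_font_face($raw): ?string
{
    if (!is_string($raw)) {
        return null; // missing values and arrays (font_face[]=...) are rejected
    }
    $candidate = trim($raw);
    foreach (ALLOWED_FONTS as $font) {
        if (strcasecmp($candidate, $font) === 0) {
            return $font; // store the known-good spelling, not the raw input
        }
    }
    return null;
}

/**
 * Build the opening font tag from the stored config value (hypothetical helper).
 * Encoding at output still applies if the table was changed by some other route.
 */
function render_font_open(string $storedFontFace): string
{
    $safe = htmlspecialchars($storedFontFace, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<font face="' . $safe . '">';
}

// Constructed sample value shaped like the alteration described in the post:
// it closes the attribute and the tag, then opens an iframe.
$tampered = 'Arial"></font><iframe src="https://example.invalid/"></iframe>';

var_dump(validate_font_face('verdana'));   // accepted, normalised to the list entry
var_dump(validate_font_face($tampered));   // rejected by the allowlist
var_dump(validate_font_face(['Arial']));   // rejected: not a string

// Even if the tampered value were already in the table, the quotes and angle
// brackets are encoded, so it stays inside the face attribute as inert text.
echo render_font_open($tampered), "\n";
```

An allowlist suits this field better than a preg_replace() filter because the set of valid font names is small and known in advance.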