SQL Injection Exploit

Please read:

http://beckspaced.com/gb_fix/index.php

Here is a very simple quick fix. Just rename the admin.php file to something different

for example

54RtFgvb.php

and then update line 25 in /admin/config.inc.php

forgot to add, remove all links to the admin. otherwise it will show the new name for the admin file in the link

Tired of being hacked?

Guide to the ultimate protection.

1) create new file and name it anything you want .php
2) insert this code (comes straight from proxy2.de site)

4)
open up admin.php and on the second line directly after <?php
place this

now, make sure that the password in the authentication file matches YOUR password to the guestbook.

5) rename the admin.php to something other than admin.php
6) update /admin/config.inc.php file to reflect the new name of admin.php file
7) remove any and all links in guestbook to administration area

guestbook is completly secured from everyone...except you.

i was not able to hack into my own guestbook using the info provided

If the authentication user name and password do not match the guestbook admin user name and password, you will never be able to get in.

Make sure both password sets match...otherwise you are right, not even you will get in.