Latest posts for the topic "Advance Guestbook hacking from the browser name"

Advance Guestbook hacking from the browser name

Capone — GMT

Hi, my advance guestbook has been hacked again, now the hacker change his browser name for this code "> and the guestbook show a single message and big frame.

Can someone helpme?

Regars

Carbonize — GMT

This is why you should update to 2.3.3

BassX — GMT

Go into the Admin Section of your Guestbook and delete that post. Then, as Carbonize pointed out, update to 2.3.3

Carbonize — GMT

I had the same moron try it on my guestbook at the same time and I'm not even using Advanced Guestbook which proves what a moron they are. You don't really have to update to 2.3.3 as patchng the exploit is simple.

Open lib/add.class.php and find
[code]$agent = getenv("HTTP_USER_AGENT");[/code]
or it may be
[code]$agent = $_SERVER['HTTP_USER_AGENT'];[/code]

replace it with
[code]$agent = addslashes(htmlspecialchars($_SERVER['HTTP_USER_AGENT']));[/code]