EGuest PRO guestbook version 4.0 is susceptible to SQL injection and cross site scripting attacks.
e40f18d14bfa5461a0fb251f320cd963------------------------------------------------------
Nightmare TeAmZ Advisory 004
------------------------------------------------------
Date - 11/2005
EGuest PRO
AFFECTED PRODUCTS
=================
EGuest PRO 4.0 Guestbook
http://www.esoftpro.com/product.php?pid=eguestpro
OVERVIEW
========
EGuest PRO is an award-winning comprehensive guestbook system based on the
popular guestbook system EGuest. New features including Admin Interfaces,
Theme Support, Advanced Search with Highlight, Auto Web/Email Links, IP/Word
Banning, Blank Line Protection, 250+ Smiley and much more. It excels any
other guestbook scripts, allowing you to have a truly professional guestbook
on your website
DETAILS
=======
1. Sql Injection
2. XSS
POC
===
1.
------
Sql Injecion:
Exemple
--------
1. Sql Injection:
/EGuest-PRO_show.php?display=[SQL]
2. XSS:
/EGuest-PRO_show.php?display=10&sort=>[XSS]
Exemple:
http://[host]/[path]/EGuest-PRO_show.php?display='
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk, Advisory by Sub_Z3r0 of Nightmare TeAmZ,
Site: http://www.NightmareTeAmZ.altervista.org
_________________________________________________________________
Personalizza MSN Messenger con sfondi e fotografie!
http://www.ilovemessenger.msn.it/
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!