Advanced Guestbook 2.3.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Advanced Guestbook 2.3.1
From: Spy Hat <spyhat@xxxxxxxxxx>
Date: 8 May 2005 06:18:51 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


There is an SQL Injection in Advanced Guestbook 2.3.1

For Example:

http://www.(yourdomain).com/(yourguestbookdirectory)/index.php?entry='

or

http://www.(yourdomain).com/(yourguestbookdirectory)/index.php?entry=%27

Yours,
SpyHat

Prev by Date: phpbb 2.0.15 released - patches high critical vuln
Next by Date: Re: firefox 1.0.3 spoof+auto dl
Previous by thread: Re: phpbb 2.0.15 released - patches high critical vuln
Next by thread: Firefox Remote Compromise Technical Details
Index(es):
- Date
- Thread