Full Path Disclosure xGuestBook v1.02
###################Dicomdk####################
Full Path Disclosure xGuestBook v1.02 #
#
http://xatrix.xa.funpic.de/xguestbook2/ #
#
By : X-boy #
##############################################
http://[HOST]/post.php
Test : http://xatrix.xa.funpic.de/xguestbook2/post.php
Result :
========
Notice: Undefined index: user in [site]\post.php on line 15
Notice: Undefined index: mail in [site]\post.php on line 16
Notice: Undefined index: p in [site]\post.php on line 17
Notice: Undefined index: url in [site]\post.php on line 19
##############################################
Patch : #
##############################################
-Open post.php
-Find :
$user = HTMLSPECIALCHARS(trim($_POST['user']));
$email = HTMLSPECIALCHARS(trim($_POST['mail']));
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));
$post = str_replace(" "," ",$post);
$url = HTMLSPECIALCHARS(trim($_POST['url']));
$date = date("Y-m-d g:i:s");
-Change to :
if (isset($_POST['user']) AND isset($_POST['mail']) AND isset($_POST['p']) AND isset($_POST['url']))
{
$user = HTMLSPECIALCHARS(trim($_POST['user']));
$email = HTMLSPECIALCHARS(trim($_POST['mail']));
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));
$post = str_replace(" "," ",$post);
$url = HTMLSPECIALCHARS(trim($_POST['url']));
$date = date("Y-m-d g:i:s");
}
##############################################
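
A fuller form of the same fix, as an added example that is not xGuestBook's or the advisory author's code: it rejects incomplete requests outright and keeps PHP diagnostics out of the HTTP response. The field names come from the advisory; the helper names, the 400 response and the use of PHP 7.1+ are assumptions.

```php
<?php
// Added example, not xGuestBook's own code. Field names are taken from the
// advisory; read_post_field(), read_guestbook_post() and the 400 reply are
// hypothetical names and choices made for this illustration.

// Keep notices and warnings out of the page; write them to the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return a trimmed, HTML-escaped field, or null when the field is absent
 * or is not a string (PHP can deliver a form field as an array, which
 * trim() does not accept).
 */
function read_post_field(array $source, string $name): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    return htmlspecialchars(trim($source[$name]), ENT_QUOTES, 'UTF-8');
}

/** Return all four guestbook fields plus the date, or null if any is unusable. */
function read_guestbook_post(array $source): ?array
{
    $fields = [];
    foreach (['user', 'mail', 'p', 'url'] as $name) {
        $value = read_post_field($source, $name);
        if ($value === null) {
            return null; // incomplete request: the caller rejects it
        }
        $fields[$name] = $value;
    }
    $fields['p']    = nl2br($fields['p']);   // same line-break handling as post.php
    $fields['date'] = date('Y-m-d g:i:s');   // same format string as post.php
    return $fields;
}

$entry = read_guestbook_post($_POST);
if ($entry === null) {
    http_response_code(400);
    exit('Missing form field.');
}
// $entry['user'], $entry['mail'], $entry['p'], $entry['url'] are safe to use here.
```

Setting display_errors = Off in php.ini is the more complete control, since a runtime ini_set() call cannot suppress errors raised before the script starts executing, such as parse errors in the same file.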