
Sava's GuestBook Multiple Vulnerabilities

New Advisory:
Sava's GuestBook Multiple Vulnerabilities

Belsec ID: BS0002
Software: Sava's GuestBook
Software's Web Site: 
Versions: 23.11.2006
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: Belsec Team

1. SQL Injection.

Vulnerable script: add2.php

The parameters 'name', 'country', 'email', 'website' and 'message' are not
properly sanitized before being used in an SQL query. This can be used to
manipulate SQL queries by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

2. Cross-Site Scripting.

Vulnerable Script: add2.php

The parameters 'name', 'country', 'email' and 'website' are not properly sanitized.
This can be used to post arbitrary HTML or web script code.

Waiting for developer(s) reply.

No Patch available.

Discovered by: Belsec Team

Belsec Team 
