|
/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]? - Advisory #23 - 07/07/06
--------------------------------------------------------
Program: PBL Guestbook
Homepage: www.pixelatedbylev.com
Vulnerable Versions: 1.32 and lower.
Risk: High!
Impact: Critical Risk

-==PBL Guestbook <= 1.32 XSS & SQL Query Vulnerabilities==-
---------------------------------------------------------
=0D
- Description
---------------------------------------------------------
PBL Guestbook is a fully functional guestbook loaded with tons of features and packed for premium optimization and performance.
=0D
- Tested
---------------------------------------------------------
PBL Homepage & other sites
=0D
- Exploitation
---------------------------------------------------------

1)

Vulnerable code:


==[ pblguestbook.php 164-183 ]===========================
[...]
if ($id){=0D
foreach ($_POST as $name => $value)=0D
{=0D
$_POST["$name"] = str_replace("\n","
",$value);=0D
}=0D
foreach ($_POST as $name => $value)=0D
{=0D
$_POST["$name"] = str_replace("\t","",$value);=0D
}=0D
foreach ($_POST as $name => $value)=0D
{=0D
$_POST["$name"] = str_replace("\r","",$value);=0D
}=0D
foreach ($_POST as $name => $value)=0D
{=0D
$_POST["$name"] = str_replace('|',"¦",$value);=0D
}=0D
foreach ($_POST as $name => $value)=0D
{=0D
$_POST["$name"] = preg_replace("/\