|
###################Dicomdk####################=0D
Full Path Disclosure xGuestBook v1.02 #=0D
#=0D
http://xatrix.xa.funpic.de/xguestbook2/ #=0D
#=0D
By : X-boy #=0D
##############################################=0D
=0D
http://[HOST]/post.php=0D
=0D
Test : http://xatrix.xa.funpic.de/xguestbook2/post.php=0D
=0D
Result :=0D
=========0D
Notice: Undefined index: user in [site]\post.php on line 15=0D
=0D
Notice: Undefined index: mail in [site]\post.php on line 16=0D
=0D
Notice: Undefined index: p in [site]\post.php on line 17=0D
=0D
Notice: Undefined index: url in [site]\post.php on line 19=0D
=0D
##############################################=0D
Patch : #=0D
##############################################=0D
=0D
-Open post.php =0D
-Find : =0D
=0D
$user = HTMLSPECIALCHARS(trim($_POST['user']));=0D
$email = HTMLSPECIALCHARS(trim($_POST['mail']));=0D
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));=0D
$post = str_replace(" "," ",$post);=0D
$url = HTMLSPECIALCHARS(trim($_POST['url']));=0D
$date = date("Y-m-d g:i:s");=0D
=0D
-Change to :=0D
=0D
if (isset($_POST['user']) AND isset($_POST['mail']) AND isset($_POST['p']) AND isset($_POST['url']))=0D
{=0D
$user = HTMLSPECIALCHARS(trim($_POST['user']));=0D
$email = HTMLSPECIALCHARS(trim($_POST['mail']));=0D
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));=0D
$post = str_replace(" "," ",$post);=0D
$url = HTMLSPECIALCHARS(trim($_POST['url']));=0D
$date = date("Y-m-d g:i:s");=0D
}=0D
=0D
##############################################=0D
=0D
=0D
=0D
=0D