TUCoPS :: Web :: Guestbooks :: hack2365.htm

Advanced Guestbook 2.2 -- SQL Injection Exploit
Advanced Guestbook 2.2 -- SQL Injection Exploit



The widely-used Advanced Guestbook 2.2 webapplication (PHP, MySQL) appears vulnerable to SQL Injection granting the attacker administrator access. The attack is very simple and consists of inputting the following password string leaving the username entry blank:



') OR ('a' = 'a



Regards,



JQ

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH