TUCoPS :: Web :: Guestbooks :: tb13348.htm

li-guestbook sql inj
li-guestbook sql inj
li-guestbook sql inj


New Advisory:=0D
LI-Guestbook SQL Injection Vulnerability=0D
http://www.security-news.ws/li-sql-injection/=0D 
=0D
--------------------Summary----------------=0D
Vendor: LI-Scripts=0D
Vendor's Web Site: http://www.liscripts.net=0D 
Software: LI-Guestbook=0D
Sowtware's Web Site: http://www.liscripts.net/products.php#guestbook=0D 
Versions: 1.2=0D
Critical Level: Moderate=0D
Type: SQL Injection=0D
Class: Remote=0D
Status: Unpatched=0D
PoC/Exploit: Not Available=0D
Solution: Not Available=0D
Discovered by: security-news.ws=0D
=0D
-----------------Description---------------=0D
1. SQL Injection.=0D
=0D
Vulnerable script: guestbook.php=0D
=0D
Parameter 'country' is not properly sanitized before being used in SQL=0D
query. This can be used to make SQL queries by injecting arbitrary SQL=0D
code.=0D
=0D
Condition: magic_quotes_gpc = off=0D
=0D
--------------PoC/Exploit----------------------=0D
Waiting for developer(s) reply.=0D
=0D
--------------Solution---------------------=0D
No Patch available.=0D
=0D
--------------Credit-----------------------=0D
Discovered by: www.security-news.ws=0D 
=0D
Regards,=0D
http://www.security-news.ws

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH