Advanced Guestbook Input Validation Hole in Password String Permits SQL Injection
|
SecurityTracker Alert ID: 1009928
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Apr 23 2004
|
Impact: Execution of arbitrary code via network, User access via network
|
Exploit Included: Yes
|
Version(s): 2.2
|
Description: A vulnerability was reported in Advanced Guestbook. A remote user can inject SQL commands to gain administrator access to the application.
JQ reported that a remote user can supply a specially crafted password value with no username value to inject SQL commands and gain administrative access to the guest book application.
A demonstration exploit value is provided:
') OR ('a' = 'a
|
Impact: A remote user can execute SQL commands on the underlying database. A remote user can gain administrative access on the application.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: proxy2.de/scripts.php
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: JQ <idiosyncrasie@xs4all.nl>
|
Message History:
None.
|
Source Message Contents
|
Date: 21 Apr 2004 10:36:32 -0000
From: JQ <idiosyncrasie@xs4all.nl>
Subject: Advanced Guestbook 2.2 -- SQL Injection Exploit
|
The widely-used Advanced Guestbook 2.2 web application (PHP, MySQL) appears vulnerable to SQL Injection granting the attacker administrator access. The attack is very simple and consists of inputting the following password string leaving the username entry blank:
') OR ('a' = 'a
Regards,
JQ
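
The following is an added example, not code from Advanced Guestbook or from the original report: a Python/sqlite3 model of why the password value quoted in this advisory passes a login check assembled by string concatenation, and why the same check with bound parameters rejects it. The table schema, the query shape and the `HASHPW` function (a stand-in for a SQL-side password hash call) are assumptions made for illustration; only the password value comes from the advisory.

```python
import hashlib
import sqlite3

# Value quoted in the advisory; everything else in this file is constructed.
ADVISORY_PASSWORD = "') OR ('a' = 'a"


def make_db():
    """In-memory stand-in for the guestbook's admin table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    # Hypothetical SQL function standing in for a hash call around the password.
    db.create_function("HASHPW", 1, lambda s: hashlib.sha256(s.encode()).hexdigest())
    db.execute("CREATE TABLE auth (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO auth (username, password) VALUES (?, HASHPW(?))",
               ("admin", "constructed-sample-password"))
    return db


def build_concatenated_sql(username, password):
    """Assumed shape of the flawed query: input pasted inside quoted literals."""
    return ("SELECT id FROM auth WHERE username = '" + username +
            "' AND password = HASHPW('" + password + "')")


def login_concatenated(db, username, password):
    """Flawed check: the password text becomes part of the SQL statement."""
    return db.execute(build_concatenated_sql(username, password)).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened check: values are bound, so they are only ever compared as data."""
    row = db.execute(
        "SELECT id FROM auth WHERE username = ? AND password = HASHPW(?)",
        (username, password)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # The quote and parenthesis close HASHPW('...') early, leaving a trailing
    # OR ('a' = 'a') that is true for every row because AND binds before OR.
    print(build_concatenated_sql("", ADVISORY_PASSWORD))
    print("concatenated :", login_concatenated(db, "", ADVISORY_PASSWORD))
    print("parameterized:", login_parameterized(db, "", ADVISORY_PASSWORD))
```

With bound parameters the advisory's value is hashed and compared like any other wrong password, so the blank-username login fails while the legitimate credentials still succeed.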