.:. Simple one-file guestbook 1.0 .:.
August 08, 2006
http://www.xeroxer.com/index.php?page=3
This is my simple one-file guestbook.
It's made of one .php file (the script) and one .txt file (the entrystorage file).
It uses no database just a flat textfile.
It is made so it's easy to include in any page.
It has admin login where you can edit and remove entrys.
Demo can be found at: http://php.xeroxer.com/simple_one-file_guestbook/demo/guestbook.php
Any help needed please mail me at: [email protected]
<= 1.0
I malicious people can Bypass Administrator Pannel to delete all of the messages in the GuestBook because there is no control
about admin credential.
An attacker can use this URL via the browser to delete all messages:
http://host/[path]/guestbook.php?id=4
[August 08, 2006] Informed!
[August 08, 2006] No solution available from the vendor.
You can edit the source code and control the administratior credential.
omnipresent
omnipresent[at]email[dot]it
http://it.security.netsons.org