Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13807
HistoryAug 09, 2006 - 12:00 a.m.

Simple GuestBook Bug

2006-08-0900:00:00
vulners.com
11

.:. Simple one-file guestbook 1.0 .:.

Date:

August 08, 2006

Vendor:

http://www.xeroxer.com/index.php?page=3

Description:

This is my simple one-file guestbook.
It's made of one .php file (the script) and one .txt file (the entrystorage file).
It uses no database just a flat textfile.
It is made so it's easy to include in any page.
It has admin login where you can edit and remove entrys.
Demo can be found at: http://php.xeroxer.com/simple_one-file_guestbook/demo/guestbook.php
Any help needed please mail me at: [email protected]

Version:

<= 1.0

Vulnerability(ies) / Exploit(s):

I malicious people can Bypass Administrator Pannel to delete all of the messages in the GuestBook because there is no control
about admin credential.

PoC(s):

An attacker can use this URL via the browser to delete all messages:

http://host/[path]/guestbook.php?id=4

Vendor Status:

[August 08, 2006] Informed!

Solution:

[August 08, 2006] No solution available from the vendor.

You can edit the source code and control the administratior credential.

Credit:

omnipresent
omnipresent[at]email[dot]it
http://it.security.netsons.org