Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16256
HistoryMar 05, 2007 - 12:00 a.m.

Sava's GuestBook Multiple Vulnerabilities

2007-03-0500:00:00
vulners.com
38
JSON

New Advisory:
Sava's GuestBook Multiple Vulnerablities
http://belsec.com/advisories/142/summary.html

--------------------Summary----------------
Belsec ID: BS0002
Software: Sava's GuestBook
Sowtware's Web Site: http://savasplace.com
Versions: 23.11.2006
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: Belsec Team

-----------------Description---------------

  1. SQL Injection.

Vulnerable script: add2.php

Parameters 'name', 'country', 'email', 'website', 'message' is not
properly sanitized before being used in SQL query. This can be used to
make SQL queries by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

  1. Cross-Site Scripting.

Vulnerable Script: add2.php

Parameter 'name', 'country', 'email', 'website' is not properly sanitized.
This can be used to post arbitrary HTML or web script code.

--------------PoC/Exploit----------------------
Waiting for developer(s) reply.

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Belsec Team

Regards,
Belsec Team
http://belsec.com

JSON