Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Advanced Guestbook 2.2 -- SQL Injection Exploit
From: JQ <idiosyncrasie () xs4all nl>
Date: 21 Apr 2004 10:36:32 -0000


The widely-used Advanced Guestbook 2.2 webapplication (PHP, MySQL) appears vulnerable to SQL Injection granting the 
attacker administrator access. The attack is very simple and consists of inputting the following password string 
leaving the username entry blank:

') OR ('a' = 'a

Regards,

JQ

  By Date           By Thread  

Current thread:
  • Advanced Guestbook 2.2 -- SQL Injection Exploit JQ (Apr 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]