Sava's GuestBook Multiple Vulnerabilities

Credit: Belsec Team
Risk: Medium
Local: No
Remote: Yes

New Advisory: Sava's GuestBook Multiple Vulnerabilities

--------------------Summary----------------
Belsec ID: BS0002
Software: Sava's GuestBook
Software's Web Site:
Versions: 23.11.2006
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: Belsec Team

-----------------Description---------------
1. SQL Injection.
Vulnerable script: add2.php
The parameters 'name', 'country', 'email', 'website' and 'message' are not properly sanitized before being used in an SQL query. This can be used to manipulate SQL queries by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off

2. Cross-Site Scripting.
Vulnerable script: add2.php
The parameters 'name', 'country', 'email' and 'website' are not properly sanitized. This can be used to post arbitrary HTML or web script code.

--------------PoC/Exploit----------------------
Waiting for developer(s) reply.

--------------Solution---------------------
No patch available.

--------------Credit-----------------------
Discovered by: Belsec Team

Regards,
Belsec Team
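For the two issue classes described above, a defensive sketch of how a guestbook handler can bind the five submitted fields as query parameters and encode them on output. This is an added example, not code from Sava's GuestBook or from the advisory's authors; the table name, function names and the in-memory SQLite database are assumptions made so it runs stand-alone.

```php
<?php
// Added example: a hypothetical guestbook handler, not Sava's GuestBook source.
// Only the five field names come from the advisory; table and function names are assumed.
const FIELDS = ['name', 'country', 'email', 'website', 'message'];

function open_db(): PDO {
    $db = new PDO('sqlite::memory:'); // in-memory database so the example runs offline
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE entries (name TEXT, country TEXT, email TEXT, website TEXT, message TEXT)');
    return $db;
}

function add_entry(PDO $db, array $input): void {
    $row = [];
    foreach (FIELDS as $f) {            // accept only scalar strings for the known fields
        $v = $input[$f] ?? '';
        $row[$f] = is_string($v) ? trim($v) : '';
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        $row['email'] = '';             // drop anything that is not an e-mail address
    }
    $scheme = strtolower((string) parse_url($row['website'], PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $row['website'] = '';           // only http(s) links may later reach an href
    }
    // Placeholders keep the values out of the SQL text, whatever magic_quotes_gpc is set to.
    $stmt = $db->prepare('INSERT INTO entries (name, country, email, website, message)
                          VALUES (:name, :country, :email, :website, :message)');
    $stmt->execute($row);
}

function e(string $s): string {         // encode for HTML text and quoted attributes
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
function render_entries(PDO $db): string {
    $html = '';
    foreach ($db->query('SELECT * FROM entries', PDO::FETCH_ASSOC) as $r) {
        $link = $r['website'] === '' ? '' : ' <a href="' . e($r['website']) . '" rel="nofollow">site</a>';
        $html .= '<p><b>' . e($r['name']) . '</b> (' . e($r['country']) . ', ' . e($r['email']) . ')'
               . $link . '<br>' . e($r['message']) . "</p>\n";
    }
    return $html;
}

// Constructed sample input containing quote and markup characters.
$db = open_db();
add_entry($db, ['name' => "O'Brien", 'country' => '<i>BY</i>', 'email' => 'ob@example.org',
                'website' => 'https://example.org/?a=1&b=2', 'message' => 'Nice "site" <3']);
echo render_entries($db);
```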
