From: Kenneth P. <kpo...@po...> - 2004-05-05 16:47:35

Thanks for sharing this, Shaun!

I've tried to reproduce this exploit, but the Guestbook mod from Badguy doesn't have a separate login procedure. The admin part is called directly via a URL, and the login security is handled by phpWS.

I don't know if it would be possible then to exploit this vulnerability, but I'm definitely not sure.

Any comments out there?

Kenneth Poulsen

Shaun Murray <sh...@ae...> wrote:
...
> It's based on another guestbook script from proxy2.de which
> has had an SQL injection exploit discovered recently. I think it's
> one of 'badguy's on http://www.chula-rural.net/ which appears to be
> down.
> http://www.net-security.org/vuln.php?id=3408
>
> I've no idea if the phpwebsite module version is equally at
> risk so I'd thought I'd try a heads-up on the list just in case.