intitle:guestbook "advanced guestbook 2.2 powered"

• SHDB
• 5094 阅读

• 日期：2004-05-12
• 类别：
  • Advisories and Vulnerabilities
• 作者：anonymous
• 语法：intitle:guestbook "advanced guestbook 2.2 powered"

• Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. AttackerFrom there, hit "Admin" then do the following:Leave username field blank.For password, enter this exactly:') OR ('a' = 'aYou are now in the Guestbook's Admin section.http://www.securityfocus.com/bid/10209