Re: Advanced Guestbook 2.2 -- SQL Injection Exploit

[<mary@xxxxxxxxxxxxxxx>]

In-Reply-To: <20040421103632.8258.qmail@xxxxxxxxxxxxxxxxxxxxx>

>Received: (qmail 26376 invoked from network); 21 Apr 2004 20:40:00 -0000
>Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) 
>(205.206.231.26)
>  by mail.securityfocus.com with SMTP; 21 Apr 2004 20:40:00 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com 
>[205.206.231.20])
>       by outgoing.securityfocus.com (Postfix) with QMQP
>       id EEF39143805; Wed, 21 Apr 2004 22:32:37 -0600 (MDT)
>Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@xxxxxxxxxxxxxxxxx>
>List-Help: <mailto:bugtraq-help@xxxxxxxxxxxxxxxxx>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@xxxxxxxxxxxxxxxxx>
>List-Subscribe: <mailto:bugtraq-subscribe@xxxxxxxxxxxxxxxxx>
>Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx
>Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx
>Received: (qmail 3881 invoked from network); 21 Apr 2004 09:08:27 -0000
>Date: 21 Apr 2004 10:36:32 -0000
>Message-ID: <20040421103632.8258.qmail@xxxxxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: JQ <idiosyncrasie@xxxxxxxxx>
>To: bugtraq@xxxxxxxxxxxxxxxxx
>Subject: Advanced Guestbook 2.2 -- SQL Injection Exploit
>
>
>
>The widely-used Advanced Guestbook 2.2 webapplication (PHP, MySQL) appears 
>vulnerable to SQL Injection granting the attacker administrator access. The 
>attack is very simple and consists of inputting the following password string 
>leaving the username entry blank:
>
>') OR ('a' = 'a
>
>Regards,
>
>JQ
>
Upgrading an installation of Advanced Guestbook 2.2 to version 2.3.1 will fix 
this vulnerability.