Re: Advanced Guestbook 2.2 -- SQL Injection Exploit

[<mary () gmbwebworks com>]

In-Reply-To: <20040421103632.8258.qmail () www securityfocus com>

> Received: (qmail 26376 invoked from network); 21 Apr 2004 20:40:00 -0000
> Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.26)
>  by mail.securityfocus.com with SMTP; 21 Apr 2004 20:40:00 -0000
> Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
>       by outgoing.securityfocus.com (Postfix) with QMQP
>       id EEF39143805; Wed, 21 Apr 2004 22:32:37 -0600 (MDT)
> Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <bugtraq.list-id.securityfocus.com>
> List-Post: <mailto:bugtraq () securityfocus com>
> List-Help: <mailto:bugtraq-help () securityfocus com>
> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
> Delivered-To: mailing list bugtraq () securityfocus com
> Delivered-To: moderator for bugtraq () securityfocus com
> Received: (qmail 3881 invoked from network); 21 Apr 2004 09:08:27 -0000
> Date: 21 Apr 2004 10:36:32 -0000
> Message-ID: <20040421103632.8258.qmail () www securityfocus com>
> Content-Type: text/plain
> Content-Disposition: inline
> Content-Transfer-Encoding: binary
> MIME-Version: 1.0
> X-Mailer: MIME-tools 5.411 (Entity 5.404)
> From: JQ <idiosyncrasie () xs4all nl>
> To: bugtraq () securityfocus com
> Subject: Advanced Guestbook 2.2 -- SQL Injection Exploit
>
>
>
> The widely-used Advanced Guestbook 2.2 webapplication (PHP, MySQL) appears vulnerable to SQL Injection granting the 
> attacker administrator access. The attack is very simple and consists of inputting the following password string 
> leaving the username entry blank:
>
> ') OR ('a' = 'a
>
> Regards,
>
> JQ
Upgrading an installation of Advanced Guestbook 2.2 to version 2.3.1 will fix this vulnerability.