New Advisory: Sava's GuestBook Multiple Vulnerablities http://belsec.com/advisories/142/summary.html --------------------Summary---------------- Belsec ID: BS0002 Software: Sava's GuestBook Sowtware's Web Site: http://savasplace.com Versions: 23.11.2006 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: Not Available Discovered by: Belsec Team -----------------Description--------------- 1. SQL Injection. Vulnerable script: add2.php Parameters 'name', 'country', 'email', 'website', 'message' is not properly sanitized before being used in SQL query. This can be used to make SQL queries by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off 2. Cross-Site Scripting. Vulnerable Script: add2.php Parameter 'name', 'country', 'email', 'website' is not properly sanitized. This can be used to post arbitrary HTML or web script code. --------------PoC/Exploit---------------------- Waiting for developer(s) reply. --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: Belsec Team Regards, Belsec Team http://belsec.com