Max's Guestbook Multiple Remote Vulnerabilities
BID:52471
Info
| Bugtraq ID: | 52471 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2012 12:00AM |
| Updated: | Mar 14 2012 12:00AM |
| Credit: | n0tch |
| Vulnerable: | Max's Guestbook 1.0 |
| Not Vulnerable: | |
Discussion
Max's Guestbook is prone to multiple remote vulnerabilities because it does not sufficiently validate user-supplied input.
Exploiting the cross-site scripting issue could allow an attacker to execute arbitrary HTML and script code in the browser of a user who views the affected page and to steal cookie-based authentication credentials. Exploiting the local file include issue could allow an attacker to make the application include arbitrary files that the web server process can read, disclosing their contents or, where the attacker controls a file's contents, executing PHP code in the context of the web server process. Other attacks are also possible.
Max's Guestbook 1.0 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues through a browser.
The following example URI is available:
Local file include:
http://www.example.com/max/index.php?page=../../../../../../../../../../../../../../../../../etc/passwd%00
The long run of ../ segments climbs to the filesystem root from any plausible web root; segments that climb past / are simply discarded. The trailing %00 (a null byte) is what lets the attacker cut off whatever suffix the script appends to the parameter. That trick relies on PHP truncating the path at the null byte, which PHP versions before 5.3.4 did; from 5.3.4 on, include() refuses a path containing a null byte and the URI above fails. Whether the traversal remains exploitable without the null byte depends on what the script appends, which this advisory does not state.
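To see why the URI above works, here is an added model of the request (example code written for this page, not code from Max's Guestbook, whose source is not shown here). It assumes index.php does the equivalent of include($_GET['page'] . '.php') relative to a pages directory; the directory /var/www/html/max/pages, the .php suffix and the access-log lines are all constructed for the illustration. The model shows where the null byte matters and adds a simple detector for the same pattern in an Apache-style access log.

```python
"""Model of how the Max's Guestbook LFI proof-of-concept resolves.

Added illustration, not the guestbook's own code (the source is not on
this page). Assumption: index.php behaves like
    include($_GET['page'] . '.php')
relative to a pages directory, which is why the PoC ends in %00: the NUL
byte is there to cut off the appended suffix. PHP before 5.3.4 truncated
the path at the NUL; 5.3.4 and later refuse such a path.
"""
import posixpath
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# The PoC URI exactly as given in the advisory.
POC_URI = ("http://www.example.com/max/index.php?page="
           "../../../../../../../../../../../../../../../../../etc/passwd%00")

# Assumed application layout (not stated in the advisory).
PAGES_DIR = "/var/www/html/max/pages"
SUFFIX = ".php"


def page_param(uri: str) -> str:
    """Return the percent-decoded value of ?page= from a request URI."""
    query = urlsplit(uri).query
    # parse_qs percent-decodes, so the trailing %00 becomes a real NUL byte.
    return parse_qs(query, keep_blank_values=True).get("page", [""])[0]


def naive_include_target(page: str, nul_truncates: bool) -> Optional[str]:
    """Path that include($page . SUFFIX) would open, or None if it fails.

    nul_truncates=True models PHP < 5.3.4 (C-string truncation at NUL);
    False models PHP >= 5.3.4, where include() rejects a path with NUL.
    """
    raw = page + SUFFIX
    if "\x00" in raw:
        if not nul_truncates:
            return None                      # include() fails outright
        raw = raw.split("\x00", 1)[0]        # ".php" is cut off here
    # normpath collapses the ../ segments; the ones that climb past "/"
    # are simply discarded, which is why the PoC can use so many.
    return posixpath.normpath(posixpath.join(PAGES_DIR, raw))


# Constructed Apache-style access-log lines for the detector below.
LOG_LINES = [
    '203.0.113.7 - - [14/Mar/2012:10:21:03 +0000] '
    '"GET /max/index.php?page=about HTTP/1.1" 200 1532',
    '203.0.113.7 - - [14/Mar/2012:10:21:09 +0000] '
    '"GET /max/index.php?page=../../../../../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 2104',
    '198.51.100.2 - - [14/Mar/2012:10:22:41 +0000] '
    '"GET /max/index.php?page=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 2104',
]

REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def is_lfi_attempt(log_line: str) -> bool:
    """Flag a request whose decoded ?page= climbs directories or carries NUL."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return False
    page = page_param(m.group(1))
    return "\x00" in page or TRAVERSAL.search(page) is not None


if __name__ == "__main__":
    page = page_param(POC_URI)
    print("PHP < 5.3.4 :", naive_include_target(page, nul_truncates=True))
    print("PHP >= 5.3.4:", naive_include_target(page, nul_truncates=False))
    for line in LOG_LINES:
        print("LFI" if is_lfi_attempt(line) else "ok ", line[-60:])
```

The detector decodes the query once, so the %2F-encoded variant in the third log line is caught as well; double-encoded or otherwise obfuscated payloads would need a further decoding pass, and a request that returned 200 for /etc/passwd-sized content is the one to investigate first.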
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Until a fix is available, operators can limit exposure by restricting the page parameter to an allowlist of known page names (at minimum rejecting values containing path separators, "..", or null bytes), and by ensuring the web server account cannot read files outside the document root.
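Since no vendor patch is known, the following is an added example of the fix an operator would apply to the include, written in Python for illustration rather than PHP; it is not vendor code. The page names, the directory layout and the planted symlink are assumptions made for this example. The same two checks carry over to PHP directly: in_array($page, $allowed, true) for the allowlist, and realpath() plus a prefix comparison against the pages directory for containment.

```python
"""Hardened ?page= lookup, shown in Python for illustration.

Added example, not a vendor patch for Max's Guestbook (none is known).
It is the shape of the fix an operator would apply to a PHP include of
a user-supplied page name: an allowlist of page names first, and a
realpath containment check as defence in depth. The page names and the
directory layout are assumptions made for this example.
"""
import os
import tempfile

ALLOWED_PAGES = {"index", "sign", "view", "about"}   # assumed names


class PageRejected(ValueError):
    """Raised when ?page= does not map to a permitted file."""


def resolve_page(pages_dir: str, page: str) -> str:
    """Return the file to include for ?page=, or raise PageRejected."""
    # 1. Allowlist. The parameter is a name, not a path, so anything that
    #    is not exactly one of the known names is refused before the
    #    filesystem is touched. That stops "../" and NUL bytes outright.
    if page not in ALLOWED_PAGES:
        raise PageRejected(f"unknown page {page!r}")
    # 2. Containment. Even an allowed name is checked after symlinks are
    #    resolved, so a planted link inside pages_dir cannot escape it.
    root = os.path.realpath(pages_dir)
    target = os.path.realpath(os.path.join(root, page + ".php"))
    if os.path.commonpath([root, target]) != root:
        raise PageRejected(f"{target!r} is outside {root!r}")
    return target


def demo() -> dict:
    """Exercise resolve_page() against a throwaway pages directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        pages = os.path.join(tmp, "pages")
        os.mkdir(pages)
        for name in ("index", "sign", "view"):
            with open(os.path.join(pages, name + ".php"), "w") as fh:
                fh.write("<?php // placeholder page\n")
        # Planted symlink: an allowed name whose target lies outside.
        try:
            os.symlink("/etc/passwd", os.path.join(pages, "about.php"))
            symlink_planted = True
        except OSError:
            symlink_planted = False

        results["legit"] = os.path.basename(resolve_page(pages, "sign"))
        attempts = {
            "traversal": "../" * 17 + "etc/passwd\x00",   # the PoC value
            "nul": "sign\x00",        # allowed name with the %00 trick
            "symlink": "about",       # allowed name, planted link
        }
        for label, value in attempts.items():
            if label == "symlink" and not symlink_planted:
                results[label] = "skipped"
                continue
            try:
                resolve_page(pages, value)
                results[label] = "allowed"
            except PageRejected:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:10s} {outcome}")
```

The allowlist alone defeats the published URI; the realpath check exists for the case where the allowlisted file itself has been replaced by a symlink or the pages directory is later made writable, which is exactly when a single layer of validation tends to fail.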
References
References:
- Max's Guestbook Homepage (Max's Guestbook)