Forums: Become An Admin On Advanced Guestbook 2.2! - Forums



Become An Admin On Advanced Guestbook 2.2! Whoops

#1 Nick W

  • Master Sergeant
  • Group: Members
  • Posts: 1,250
  • Joined: 12-August 03

Posted 21 April 2004 - 01:05 PM

Advanced Guestbook 2.2 is a massively deployed guestbook on the Internet due to its ease of use. Users can create a guestbook in a matter of minutes and have no problems whatsoever.

Until now.

Hot from Bugtraq comes this cute little item from JQ:
') OR ('a' = 'a

By using the above code in the "password" field on admin.php for the guestbook, a malicious user will be immediately brought to the administration page, where they can subsequently edit guest posts, delete posts, and look through logs. All they need to do is enter the above as the password and click submit, leaving the username blank.

Google search for "Advanced Guestbook 2.2" (including quotes) returned about 158,000 results. Advanced Guestbook 2.2's admin.php file is relatively easy to find. I would suggest administrators of this guestbook immediately change the name of the file or remove it altogether until a patch is released.

#2 aapje

  • Staff Sergeant
  • Group: Members
  • Posts: 289
  • Joined: 23-January 04

Posted 21 April 2004 - 01:10 PM

haha works fine!

/edit. you can do stuff by editing the templates =]

#3 Logan

  • Specialist
  • Group: Specialist
  • Posts: 1,596
  • Joined: 29-February 04

Posted 21 April 2004 - 02:19 PM

http://www.google.co...uestbook+2.2%22

omg... that is just tooooo simple...
I even told my girlfriend to so she could get an idea of what it's like lol

#4 qcred11

  • Master Sergeant
  • Group: Second Lieutenant
  • Posts: 2,544
  • Joined: 25-February 04

Posted 21 April 2004 - 03:18 PM

W-o-W This is cool and pretty simple. I'm gonna try it tonight.
Looks like the programmers made a backdoor for themselves... ;)

#5 Guest_AsuKa_*

  • Group: Guests

Posted 21 April 2004 - 06:11 PM

Just checked it out, worked on the first try. It's almost sad how easy it is. Thanks for the info Yorn :D

#6 ssj4conejo

  • Sergeant
  • Group: Members
  • Posts: 239
  • Joined: 11-August 03

Posted 21 April 2004 - 08:25 PM

Nice one... I'm surprised n00bs haven't asked for what port to scan, or for a compiled version. :D lol.

#7 x1`

  • Master Sergeant
  • Group: Members
  • Posts: 409
  • Joined: 15-December 03

Posted 21 April 2004 - 09:11 PM

is there any chance we could like get root of the host of where the files are? pretty limited to this exploit :( cool though for deleting stuff and then people ask why u delete my post lol

#8 isaiah

  • Corporal
  • Group: Members
  • Posts: 199
  • Joined: 12-August 03

Posted 21 April 2004 - 09:58 PM

http://www.google.co...%22+admin%2Ephp

great place to find vuln sites

#9 Logan

  • Specialist
  • Group: Specialist
  • Posts: 1,596
  • Joined: 29-February 04

Posted 22 April 2004 - 11:10 AM

Dickybob20, on Apr 22 2004, 05:11 AM, said:

is there any chance we could like get root of the host of where the files are? pretty limited to this exploit :( cool though for deleting stuff and then people ask why u delete my post lol

all this exploit is good for is JUST the guestbook, not the server

#10 qcred11

  • Master Sergeant
  • Group: Second Lieutenant
  • Posts: 2,544
  • Joined: 25-February 04

Posted 22 April 2004 - 04:47 PM

Quote

Advanced Guestbook 2.2's admin.php file is relatively easy to find.

I found a web site with Advanced Guestbook 2.2, but I didn't find any place where I can use the admin login, until I reread Yorn's first post. Admin.php was really easy to find.
Thanks for the post and explanation.

#11 icenix

  • Private First Class
  • Group: Members
  • Posts: 91
  • Joined: 05-January 04

Posted 23 April 2004 - 02:49 AM

Quote

Nice one... I'm surprised n00bs haven't asked for what port to scan, or for a compiled version. :) lol


I wonder how many people actually know what this is and understand the concepts of SQL injection... I'm going through a phase of wondering where the old hackers went and being faced with these new generation *cough* hackers *cough*

I'm not pointing the finger at ya ssj ;) just pointing out something on my mind :)
can anyone get the source code of this guestbook so we can maybe teach these "n00bs" what an SQL injection is? maybe it would be a good learning experience...

if they can actually be bothered............
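For the teaching purpose icenix asks about, and to show concretely why the string from the first post gets past the login check, here is an added example (not the guestbook's own code, and not from anyone in this thread). It uses an in-memory SQLite table as a constructed stand-in for the real admin table, whose schema the thread does not show; the vulnerable function pastes form input straight into the SQL text the way old PHP login pages did, and the parameterized version beside it is the fix.

```python
import sqlite3

# The string from the first post, entered as the password with a blank username.
PAYLOAD = "') OR ('a' = 'a"


def make_db():
    """Constructed stand-in for the guestbook's admin table (not the real 2.2 schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; real code stores a hash.
    db.execute("INSERT INTO admin VALUES ('admin', 'correct-horse')")
    return db


def build_query_unsafe(username, password):
    """Builds the WHERE clause by pasting raw form input into the SQL text.

    With username='' and the payload as password the text becomes
      ... WHERE (username = '') AND (password = '') OR ('a' = 'a')
    AND binds tighter than OR, so the always-true right side wins.
    """
    return ("SELECT COUNT(*) FROM admin WHERE (username = '%s') AND (password = '%s')"
            % (username, password))


def login_vulnerable(db, username, password):
    """Login check in the style the thread describes: input becomes SQL syntax."""
    count = db.execute(build_query_unsafe(username, password)).fetchone()[0]
    return count > 0


def login_parameterized(db, username, password):
    """Same check with bound parameters: input is compared as data, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM admin WHERE (username = ?) AND (password = ?)"
    count = db.execute(sql, (username, password)).fetchone()[0]
    return count > 0


if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe("", PAYLOAD))
    print("vulnerable   :", login_vulnerable(db, "", PAYLOAD))
    print("parameterized:", login_parameterized(db, "", PAYLOAD))
```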
