Google Search: intitle:guestbook “advanced guestbook 2.2 powered”
ThrowedOff rates this entry 6 out of 10.
Submitted: 2004-05-12 00:00:00
Added by: ThrowedOff
Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. Attacker
From there, hit “Admin” then do the following:
Leave username field blank.
For password, enter this exactly: ’) OR (‘a’ = ‘a
You are now in the Guestbook’s Admin section.
http://www.securityfocus.com/bid/10209
2004-05-27 18:29:44 (Anonymous): I’m quite amazed that such a simple SQL injection still works on so many sites nowadays. It will work with just about /every/ result that Google pulls up.
2004-05-30 09:53:12 (Fr0zen): This works perfectly, but I see I was not the first who has already tried it :)
2004-12-25 10:51:00 (vinny): Yeah, sorry, but I’m a noob and it’s maybe stupid,
but it’s not working for me.
What am I doing wrong?
I search in Google? Then example:
then I leave the username empty
and for the password I fill in: ‘) OR (‘a’ = ‘a (between the // in).
and I get an error Access Denied?
Or SQL Error?
What am I doing wrong?
PS: Sorry for my bad English
2005-08-18 20:43:18 (JTR000): That one site was secured against it.
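
Added example, not part of the original entry and not Advanced Guestbook's own code: a login check built by string concatenation next to the same check with bound parameters, run against a constructed in-memory SQLite table. The entry does not show the application's query, so the table name, the HASHPW function and the query shape are assumptions, chosen only so that the input quoted in the entry parses.

```python
import hashlib
import sqlite3

# The entry prints typographic quotes; as typed into a form they are straight quotes.
REPORTED_INPUT = "') OR ('a' = 'a"


def _hash(pw: str) -> str:
    # Stand-in for an SQL-side hash function (assumption). Unsalted SHA-256
    # is used only to keep the demo short; it is not a recommended password hash.
    return hashlib.sha256(pw.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed admin table; schema and credentials are made up."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("HASHPW", 1, _hash)
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES (?, ?)",
                 ("admin", _hash("s3cret-constructed")))
    return conn


def login_concatenated(conn, username: str, password: str) -> bool:
    """Assumed 'before' shape: form input is pasted into the SQL text,
    so quotes and parentheses in the input become part of the statement."""
    sql = ("SELECT username FROM admins "
           f"WHERE username = '{username}' AND password = HASHPW('{password}')")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    """Hardened form: input is bound as values and never parsed as SQL."""
    sql = ("SELECT username FROM admins "
           "WHERE username = ? AND password = HASHPW(?)")
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("concatenated accepts reported input: ",
          login_concatenated(db, "", REPORTED_INPUT))
    print("parameterized accepts reported input:",
          login_parameterized(db, "", REPORTED_INPUT))
    print("parameterized accepts real password: ",
          login_parameterized(db, "admin", "s3cret-constructed"))
```

With bound parameters the whole input is compared as a literal password, so the WHERE clause keeps the structure the developer wrote.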