Description - Multiple Vulnerabilities in phphg Guestbook
Multiple vulnerabilities were found in the phphg Guestbook script.
1. Authentication Bypass
Vulnerable script: check.php
There are two ways to bypass authentication:
a) SQL Injection
Variable $HTTP_POST_VARS[username] isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
b) Cookie based authentication
The check.php script doesn't make a password comparison when identifying the user by cookies.
2. Multiple Cross-Site Scripting
Vulnerable script: signed.php
Variables $HTTP_POST_VARS[location], $HTTP_POST_VARS[website] and $HTTP_POST_VARS[message] are not properly sanitized. This can be used to post arbitrary HTML or script code.
3. SQL Injections in administrator control panel
Vulnerable scripts:
admin/edit_smilie.php
admin/add_theme.php
admin/ban_ip.php
admin/add_lang
admin/edit_filter
Variable $HTTP_GET_VARS[id] isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
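The following is an added example, not code from phphg or from the advisory's authors: a sketch of how the three classes of flaw above are normally closed in current PHP. The table and column names (gb_users, username, pass_hash), the gb_* function names, and the use of PDO with password_hash()-style hashes are assumptions.

```php
<?php
// Added example, not phphg code. Table/column names (gb_users, username,
// pass_hash) and the gb_* function names are assumptions.
declare(strict_types=1);

// 1a) The username is bound as a parameter, never concatenated into SQL,
//     so safety does not depend on magic_quotes_gpc.
// 1b) The password is always verified; login state is kept in the
//     server-side session (session_start() already called), not in a cookie.
function gb_login(PDO $db, string $username, string $password): bool
{
    $st = $db->prepare('SELECT id, pass_hash FROM gb_users WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    session_regenerate_id(true);          // drop any pre-login session id
    $_SESSION['gb_user_id'] = (int) $row['id'];
    return true;
}

function gb_is_authenticated(): bool
{
    return isset($_SESSION['gb_user_id']);
}

// 3) Admin scripts: accept id only as a positive decimal integer.
function gb_int_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 2) Encode location/website/message when writing them into HTML.
function gb_h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: website is rendered as a link, so restrict scheme to http(s).
function gb_safe_url(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? gb_h($url) : '';
}
```

An admin script would reject the request when gb_is_authenticated() is false or gb_int_id() returns null, and pass the validated id to a prepared statement like the one in gb_login().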


