Simple one-file Guestbook versions 1.0 and below suffer from an administrative bypass flaw.
03c48e5cf2943901784568167172e7b38a60b06ba29d03fb02f195cce05038d6
.:. Simple one-file guestbook 1.0 .:.
Date:
-----
August 08, 2006
Vendor:
-------
http://www.xeroxer.com/index.php?page=3
Description:
------------
This is my simple one-file guestbook.
It's made of one .php file (the script) and one .txt file (the entrystorage file).
It uses no database just a flat textfile.
It is made so it's easy to include in any page.
It has admin login where you can edit and remove entrys.
Demo can be found at: http://php.xeroxer.com/simple_one-file_guestbook/demo/guestbook.php
Any help needed please mail me at: webmaster@xeroxer.com
Version:
--------
<= 1.0
Vulnerability(ies) / Exploit(s):
--------------------------------
I malicious people can Bypass Administrator Pannel to delete all of the messages in the GuestBook because there is no control
about admin credential.
PoC(s):
-------
An attacker can use this URL via the browser to delete all messages:
http://host/[path]/guestbook.php?id=4
Vendor Status:
--------------
[August 08, 2006] Informed!
Solution:
---------
[August 08, 2006] No solution available from the vendor.
You can edit the source code and control the administratior credential.
Credit:
-------
omnipresent
omnipresent[at]email[dot]it
http://it.security.netsons.org