EGuest PRO guestbook version 4.0 is susceptible to SQL injection and cross site scripting attacks.
da9102bf55a4eb5d94e8f4d3e770d4c807d5783ede3e6dba032c0523ca0842bd
------------------------------------------------------
Nightmare TeAmZ Advisory 004
------------------------------------------------------
Date - 11/2005
EGuest PRO
AFFECTED PRODUCTS
=================
EGuest PRO 4.0 Guestbook
https://www.esoftpro.com/product.php?pid=eguestpro
OVERVIEW
========
EGuest PRO is an award-winning comprehensive guestbook system based on the
popular guestbook system EGuest. New features include Admin Interfaces,
Theme Support, Advanced Search with Highlight, Auto Web/Email Links, IP/Word
Banning, Blank Line Protection, 250+ Smileys and much more. It surpasses other
guestbook scripts, allowing you to have a truly professional guestbook on
your website.
DETAILS
=======
1. SQL Injection (display parameter of EGuest-PRO_show.php)
2. XSS (sort parameter of EGuest-PRO_show.php)
POC
===
1. SQL Injection:
/EGuest-PRO_show.php?display=[SQL]
2. XSS:
/EGuest-PRO_show.php?display=10&sort=>[XSS]
Example:
https://[host]/[path]/EGuest-PRO_show.php?display='
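Both issues come down to the same missing check: display is used as a number and sort as a column selector, yet neither is validated. The script below is an added example, not part of the advisory or of the EGuest PRO code: it encodes the schema a fixed version should enforce (display must be an integer, sort must come from an allowlist; the allowlist values are assumed, since the advisory does not list the script's real sort keys) and applies that schema to web-server access-log lines to flag requests that violate it. The log lines and addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines in combined log format (not from the
# advisory); client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Nov/2005:10:01:02 +0100] "GET /guestbook/EGuest-PRO_show.php?display=10&sort=date HTTP/1.1" 200 5120
203.0.113.7 - - [12/Nov/2005:10:01:09 +0100] "GET /guestbook/EGuest-PRO_show.php?display=' HTTP/1.1" 500 412
203.0.113.9 - - [12/Nov/2005:10:02:41 +0100] "GET /guestbook/EGuest-PRO_show.php?display=10&sort=%3E%3Cscript%3E HTTP/1.1" 200 5133
203.0.113.5 - - [12/Nov/2005:10:03:00 +0100] "GET /index.php HTTP/1.1" 200 1024
"""

# Assumed allowlist of sort keys; the real script's accepted values are not
# given in the advisory, so a fixed deployment would fill this in.
SORT_ALLOWLIST = {"date", "name"}

# Minimal combined-log-format matcher: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def validate_params(query):
    """Return the reasons a query string fails the expected parameter schema.

    This is the check the guestbook script itself should perform before using
    the values in SQL or echoing them into HTML; an empty list means the
    request is well-formed.
    """
    params = parse_qs(query, keep_blank_values=True)  # percent-decodes values
    problems = []
    for display in params.get("display", []):
        if not display.isdigit():
            problems.append(f"display is not an integer: {display!r}")
    for sort in params.get("sort", []):
        if sort not in SORT_ALLOWLIST:
            problems.append(f"sort not in allowlist: {sort!r}")
    return problems


def scan_log(text):
    """Flag requests to EGuest-PRO_show.php whose parameters break the schema."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/EGuest-PRO_show.php"):
            continue
        problems = validate_params(url.query)
        if problems:
            findings.append({
                "ip": m.group("ip"),
                "status": int(m.group("status")),
                "problems": problems,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ip"], f["status"], "; ".join(f["problems"]))
```

The same `validate_params` rule expresses the fix on the application side: cast display with an integer check before it reaches the query and look sort up in a fixed list of column names rather than concatenating it, and HTML-escape anything that is reflected into the page. A 500 response on a request with a non-numeric display, as in the second sample line, is the usual sign that an unvalidated value reached the database.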
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk, Advisory by Sub_Z3r0 of Nightmare TeAmZ,
Site: https://www.NightmareTeAmZ.altervista.org