Alguest Cookie Falsification Vulnerability
Alguest is a guestbook program written in PHP and backed by a MySQL database. It runs on most Unix and Linux variants, as well as Microsoft Windows operating systems. Alguest is prone to an issue that may enable a remote attacker to gain administrative access to the guestbook. Administrative cookies are not properly checked for administrative rights (via a shared secret, credentials such as username/password, etc.). As a result, it is trivial for a remote attacker to falsify an administrative cookie.
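A sketch of the missing check, added here as an example and not taken from Alguest's source: the weak function trusts whatever cookie the client sends, while the hardened one accepts only a cookie carrying an HMAC computed with a server-side secret after a successful login. The cookie name `gb_admin`, the payload layout and all function names are assumptions made for this illustration.

```php
<?php
// Added illustration; not Alguest code. Names and layout are hypothetical.
const COOKIE_NAME = 'gb_admin';   // hypothetical cookie name
const SESSION_TTL = 1800;         // cookie lifetime in seconds

// Weak pattern: the mere presence of the cookie is treated as proof of
// administrative rights, so any client-supplied value passes.
function is_admin_weak(array $cookies): bool
{
    return isset($cookies[COOKIE_NAME]);
}

// Called only after the username/password check has succeeded.
// Payload is base64(user).expiry, followed by an HMAC over that payload.
function issue_admin_cookie(string $user, string $key, int $now): string
{
    $payload = base64_encode($user) . '.' . ($now + SESSION_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Hardened check: recompute the MAC with the server-side secret, compare
// in constant time, then enforce the expiry carried inside the payload.
function is_admin_strong(array $cookies, string $key, int $now): bool
{
    $value = $cookies[COOKIE_NAME] ?? '';
    if (!is_string($value)) {
        return false;
    }
    $parts = explode('.', $value);
    if (count($parts) !== 3) {
        return false;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '.' . $expires, $key);
    if (!hash_equals($expected, $mac)) {
        return false;
    }
    return ctype_digit($expires) && (int) $expires > $now;
}

// Constructed sample input: one cookie issued by the server, one set by a client.
$key       = random_bytes(32);   // in practice, a secret kept in server config
$now       = time();
$issued    = [COOKIE_NAME => issue_admin_cookie('admin', $key, $now)];
$clientSet = [COOKIE_NAME => '1'];

var_dump(is_admin_weak($clientSet));                            // weak check
var_dump(is_admin_strong($clientSet, $key, $now));              // unsigned value
var_dump(is_admin_strong($issued, $key, $now));                 // server-issued
var_dump(is_admin_strong($issued, $key, $now + SESSION_TTL));   // after expiry
```

A server-side session that stores the administrative flag, keyed by an unguessable session ID, achieves the same goal without placing any rights claim in the cookie.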