###################Dicomdk####################

Full Path Disclosure xGuestBook v1.02 #

#

http://xatrix.xa.funpic.de/xguestbook2/ #

#

By : X-boy #

##############################################

http://[HOST]/post.php

Test : http://xatrix.xa.funpic.de/xguestbook2/post.php

Result :

========

Notice: Undefined index: user in [site]\post.php on line 15

Notice: Undefined index: mail in [site]\post.php on line 16

Notice: Undefined index: p in [site]\post.php on line 17

Notice: Undefined index: url in [site]\post.php on line 19

##############################################

Patch : #

##############################################

-Open post.php

-Find :

$user = HTMLSPECIALCHARS(trim($_POST['user']));

$email = HTMLSPECIALCHARS(trim($_POST['mail']));

$post = nl2br(HTMLSPECIALCHARS($_POST['p']));

$post = str_replace(" ","  ",$post);

$url = HTMLSPECIALCHARS(trim($_POST['url']));

$date = date("Y-m-d g:i:s");

-Change to :

if (isset($_POST['user']) AND isset($_POST['mail']) AND isset($_POST['p']) AND isset($_POST['url']))

{

$user = HTMLSPECIALCHARS(trim($_POST['user']));

$email = HTMLSPECIALCHARS(trim($_POST['mail']));

$post = nl2br(HTMLSPECIALCHARS($_POST['p']));

$post = str_replace(" ","  ",$post);

$url = HTMLSPECIALCHARS(trim($_POST['url']));

$date = date("Y-m-d g:i:s");

}

##############################################

[ reply ]