exploits , vulnerabilities , articles , LS simple guestbook (v1) Remote Code Execution Vulnerability

2007-04-09 PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities
2007-03-15 Creative Guestbook 1.0 Multiple Remote Vulnerabilities
2006-06-08 Guestex Guestbook 1.00 (email) Remote Code Execution Exploit
2006-05-31 Chipmunk Guestbook SQL Injection Vulnerabilities
2006-04-28 Advanced GuestBook <= 2.4.0 (phpBB) Remote File Inclusion Exploit

2007-04-15

LS simple guestbook (v1) Remote Code Execution Vulnerability

Rated as : High Risk

########################################################
#   Special Greetings To - Timq,Warpboy,The-Maggot     #
########################################################

File: index.php
Affects: LS simple guestbook (v1)
Date: 15th April 2007

Issue Description:
===========================================================================
LS simple guestbook fails to sanitize user input that it writes to the
posts.txt file when the user leaves a message, this file is then included
causing any php code within it to be run.
===========================================================================

Scope:
===========================================================================
An attacker can inject arbitrary php code and potentially execute
commands
on the system.
===========================================================================

Recommendation:
===========================================================================
Add the following line of code in index.php:

$message = strip_tags($message);

just above:

if ($message != "") {$file =
fopen("$dataf","a");
===========================================================================


Example:

name = Test
message = <?php phpinfo(); ?>


Discovered By: Gammarays

securitydot.net - 2007-04-15

Exploits - newest 10 RSS | More

2007-06-15 56176 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33450 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41599 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28799 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19325 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16349 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18985 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16224 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33051 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16864 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit