Max’s Guestbook 1.0 – Multiple Remote Vulnerabilities

Exploit Database
18 阅读

作者： n0tch

日期： 2012-03-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36967/

source: https://www.securityfocus.com/bid/52471/info

Max's Guestbook is prone to multiple remote vulnerabilities.

Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, and execute arbitrary local scripts in the context of the webserver process. Other attacks are also possible.

Max's Guestbook 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/max/index.php?page=../../../../../../../../../../../../../../../../../etc/passwd%00

last Exploits
Max’s Guestbook 1.0 – Multiple Remote Vulnerabilities的更多信息

URL Shortener Script 1.0 – SQL Injection：
Mult-e-Cart Ultimate 2.4 – ‘id’ SQL Injection：
Online Matrimonial Project 1.0 – Authenticated Remote Code Execution：
FileExecutive 1 – Multiple Vulnerabilities：
Auto CMS 1.8 – Remote Code Execution：
TomatoCMS 2.0.5 – Multiple Cross-Site Request Forgery Vulnerabilities：
Artworks Gallery Management System 1.0 – ‘id’ SQL Injection：
NetCat CMS – Multiple Vulnerabilities：